careers in information security angelo castigliola
Careers in Information Security
Angelo Castigliola
Angelo Castigliola
• Enterprise Information Security and Risk Management Systems Analyst for Unum.
• Application Security Architecture
• Winner of DHS National Cybersecurity Awareness Campaign Challenge 2010
• Contributed to GNU open source project iWar featured in “Hacking Exposed Linux, 3rd Edition.”
Presentation Agenda
• Overview of careers in Information Security
• Regulatory Laws and Compliance
• Certifications
• Professional Organizations
• Q&A
Three Tiers Of Security
• Prevention
  – Regulatory Laws and Compliance
  – Vulnerability/Risk Assessments
  – Patch Management
• Monitoring
  – Intrusion Detection
  – Viruses
  – Malicious Websites\Email
• Response
  – Data Forensics
  – Customer Inquiries into IT Security Mechanisms
  – Lost or Stolen Sensitive Data
Identity Management
• Governs user access to information systems and infrastructure.
• Create and manage policies which are compliant with regulatory laws.
  – System IDs
  – Emergency Access
• Architect solutions that automate the provisioning of user access.
Intrusion Detection
• Monitors enterprise for security threats.
  – Antivirus
  – Wi-Fi Monitoring
  – Network Traffic Monitoring
  – Email
Forensics
• Responds to internal and legal inquiries
• Uses various forensics tools
  – BackTrack
Regulatory Compliance
• Governs enterprise policies to ensure compliance with local, state and federal laws.
  – Sarbanes-Oxley Act 2002
  – Gramm–Leach–Bliley Act 1999
  – Health Insurance Portability and Accountability Act 1996
• International Regulatory Laws
  – UK Data Protection Act 1998
  – EU's Data Protection Directive
Industry Standards
• North American Electric Reliability Corporation
• Federal Energy Regulatory Commission
• Federal Financial Institutions Examination Council
• ISO 17799
• Information Technology Infrastructure Library
Application Security Architecture
• Consulting
  – Work with application teams to design secure systems.
• Components
  – Architect solutions to standardize authentication and authorization processes.
• Compliance
  – Govern policies for secure application development.
Certifications
• (ISC)²
  – Certified Information Systems Security Professional (CISSP)
  – Systems Security Certified Practitioner (SSCP)
  – Certified Secure Software Lifecycle Professional (CSSLP)
Professional Organizations
• TechMaine InfoSEC
• Maine Bytes
• ASIS
Staying in Contact
• castigliola.com
  – Facebook
  – Twitter
  – LinkedIn
  – Blog
• Q&A
My Original Job Posting
• Launch your career at UnumProvident Corporation, an insurance industry Fortune 500 company positioned for strong future growth. The company's leadership position and tremendous growth potential make it a place of outstanding professional opportunity. UnumProvident people display a spirit of innovation as well as pride in the social value of the products and services we provide.
** Due to the considerable candidate response we have received - please apply for this position ONLY if you meet ALL required skills. **
No Third Parties Please.
This Security Architect position will be focused on candidates with BOTH Mainframe and RACF Admin experience.
Responsibilities will include:
*Assist in the oversight of security access and administration under the control of the mainframe (RACF, DB2, IDMS, IMS and Teradata)
*Provide security consulting to business partners regarding mainframe security related issues.
*Perform regular reviews of security access privileges.
*Generate ongoing security access review reports
*Assist in the development of a Security Access Administration Program.
Principal Duties and Responsibilities
*Continually evaluate vendor's product strategies and future product statements and advise which will be most appropriate to pursue.
*Perform ongoing security audits to ensure that the security posture is not compromised.
*Assist in the development of sound security policies and procedures.
*Provide technical security assistance to other areas within UnumProvident.
*Conduct security policy violation investigations.
*Monitor for inappropriate Internet and Internet E-mail usage
*Assess reported security threats and weaknesses.
*May perform other duties as assigned
My Original Job Posting Cont.
• Job Specifications:
*Ability to work effectively in an ambiguous environment
*Ability to work across geographical locations
*BS or advanced degree in computer science or related discipline
*Two or more years of information technology engineering, support or consulting experience, one of those years spent in system security or IT Audit related positions.
*Basic understanding of UNIX, Windows NT/2000, OS/390 vulnerabilities
*Basic understanding of threats and vulnerabilities associated with whole-site Intranet access and with broad access to the Internet and the World Wide Web.
*Basic understanding of the principles of implementation and operation and experience with security technology such as firewalls, multi-level security implementation, Kerberos, smart cards, security assessment, monitoring and profiles tools (e.g., ISS), and password crackers.
*Encryption techniques include key management
*Strong oral and written communications skills
*Strong analytical skills
*CISSP a plus
Understanding of the following security areas desired:
*ACF, Top Secret, RACF
*TCP/IP and X.25
*ISS Safesuite/Cisco Secure Solutions or equivalent products
*Internet Technologies (NNTP, Proxy, HTTP, HTTPS, HTML, SSL, X.509)
*IPSEC
*Unix security
*Raptor & Checkpoint Firewall technologies
*ACE Server/SecurID
*MCI UUNET/PAL
*Shiva/Radius
*PGP & S/MIME
*Norton Anti-virus Cross suite
*OS/390, NT, OS/2, Sun Solaris, AIX
UnumProvident Corporation offers competitive pay, relocation assistance and excellent benefits. Come join us if you're interested in working in an exciting and challenging environment for a company that is on the move!
Please apply on-line
Equal Opportunity Employer
This position may be posted for multiple office locations; please be sure to indicate your location preference in your cover letter.