PREPARE YOURSELF TO BECOME INFOSEC PROFESSIONAL

Presented by M. Syarifudin, ST, OSCP, OSWP

Bandung, Jul 28 2016Stadium General Course

Telkom University

1

Who is M. SYARIFUDIN ?

• Former Lecturer and Assistant Manager

• OSCP & OSWP Certified

• Information Security Trainer and Researcher

• Official Indonesian Kali Linux Translator

• Homepage : http://fl3x.us

2

LET’S TALK ABOUT…

• Information Security

• What Should be Prepared to become Infosec Professional

3

INFORMATION SECURITY OVERVIEW

• The practice of defending information from (un)authorised access, (mis)use, disclosure, disruption, modification, or destruction

4

Confidentiality Integrity Availability

source:wikipedia

WHY INFORMATION SECURITY NEEDED ?

• Information is very important asset

• Impact to the Business

5

People Technology System

SOME CASES

6

Referral System Vulnerability

SOME BREACHES

7

Source : https://haveibeenpwned.com

SOME CYBER ATTACKS

8

Source : http://www.thejakartapost.com/

SOME CYBER ATTACKS

9

Source : http://www.bbc.com/news/uk-36239805

10

Infosec Pro are always needed

INFOSEC PRO JOBS

• Penetration Tester / Ethical Hacker

• Information Security Consultant

• Security Engineer

• Information Security Specialist

11

INFOSEC PRO JOBS

• Information Security Manager

• Chief Information Security Officer

• Information Security Trainer

• etc

12

SAMPLE SALARY ( PENTESTER )

13

Source:http://www.payscale.com/research/US/Job=Penetration_Tester/Salary

SAMPLE SALARY ( PENTESTER )

14

77K USD per year -> 6.4K USD per month = Rp 84.000.000 per month

WHAT SHOULD BE PREPARED ?

• Have the Passion & Good Mental

• More focus on these Subjects :

• Operating System

• Computer Network and Security

• Cryptography, and Programming

15

WHAT SHOULD BE PREPARED ?

• Join to the Laboratory

• Join to the Infosec Community

• Decide your Interest

• Taking the Infosec Courses and Certifications

16

SOME INFOSEC CERTIFICATIONS

17

More info: https://www.offensive-security.com/information-security-certifications/

SOME INFOSEC CERTIFICATIONS

18

More info: http://www.giac.org/certifications/categories

SOME INFOSEC CERTIFICATIONS

19

More info: http://www.isaca.org/ More info: https://www.isc2.org/

20

Which one of your interest ?

What is PenTest ?

21

Real Attacks The Target Gain Access

Application NetworkSystem

Why Do a PenTest ?

22

$$$$$ Security Program

Protecting Infrastructure

Prevent Data Breaches

Penetration Test

About PenTest

23

Compromise IT System Security

Find Security VulnerabilitiesMust Have a Permission

Be Creative Exploit the Security Vuln.

Bypass Security MechanismThink like an Attacker

Penetration Testing Execution Standard

24

Intelligence GatheringPre-engagement

Threat ModellingVulnerability Analysis

Exploitation Post Exploitation

Reporting

http://www.pentest-standard.org

PENTEST DEMO

25

Let’s Hack the Target ;)

Thank You Any Question ?

“Contact Me” on http://fl3x.us

26