PREPARE YOURSELF TO BECOME INFOSEC PROFESSIONAL
Presented by M. Syarifudin, ST, OSCP, OSWP
Bandung, Jul 28 2016
Stadium General Course
Telkom University
Who is M. SYARIFUDIN?
• Former Lecturer and Assistant Manager
• OSCP & OSWP Certified
• Information Security Trainer and Researcher
• Official Indonesian Kali Linux Translator
• Homepage : http://fl3x.us
LET’S TALK ABOUT…
• Information Security
• What Should be Prepared to become Infosec Professional
INFORMATION SECURITY OVERVIEW
• The practice of defending information from (un)authorised access, (mis)use, disclosure, disruption, modification, or destruction
• Confidentiality, Integrity, Availability
Source: Wikipedia
WHY IS INFORMATION SECURITY NEEDED?
• Information is a very important asset
• Impact to the Business
• People, Technology, System
SOME CASES
Referral System Vulnerability
SOME CYBER ATTACKS
Source: http://www.thejakartapost.com/
Source: http://www.bbc.com/news/uk-36239805
Infosec Pros are always needed
INFOSEC PRO JOBS
• Penetration Tester / Ethical Hacker
• Information Security Consultant
• Security Engineer
• Information Security Specialist
• Information Security Manager
• Chief Information Security Officer
• Information Security Trainer
• etc
SAMPLE SALARY ( PENTESTER )
Source: http://www.payscale.com/research/US/Job=Penetration_Tester/Salary
77K USD per year -> 6.4K USD per month = Rp 84.000.000 per month
WHAT SHOULD BE PREPARED?
• Have the Passion and a Good Mentality
• Focus more on these Subjects:
  • Operating System
  • Computer Network and Security
  • Cryptography, and Programming
• Join the Laboratory
• Join the Infosec Community
• Decide your Interest
• Take Infosec Courses and Certifications
SOME INFOSEC CERTIFICATIONS
More info: https://www.offensive-security.com/information-security-certifications/
More info: http://www.giac.org/certifications/categories
More info: http://www.isaca.org/
More info: https://www.isc2.org/
Which one is your interest?
What is PenTest?
• Real Attacks
• The Target
• Gain Access
• Application, Network, System
Why Do a PenTest?
• $$$$$
• Security Program
• Protecting Infrastructure
• Prevent Data Breaches
• Penetration Test
About PenTest
• Compromise IT System Security
• Find Security Vulnerabilities
• Must Have a Permission
• Be Creative
• Exploit the Security Vuln.
• Bypass Security Mechanism
• Think like an Attacker
Penetration Testing Execution Standard
• Pre-engagement
• Intelligence Gathering
• Threat Modelling
• Vulnerability Analysis
• Exploitation
• Post Exploitation
• Reporting
http://www.pentest-standard.org
PENTEST DEMO
Let’s Hack the Target ;)