Information Security Professional

Information SecurityProfessional

UIN - 16 Nov 2011 - @y3dips

Wednesday, November 16, 11

• Freelance IT Security Consultant

• More than 9 years in IT Security

• Founder of “ECHO” one of Indonesian Hacker Community, established 2003

• Founder of IDSECCONF - Indonesia Security Conference

@y3dips

y3dips


InfoSec

Means protecting information and information systems from unauthorized

access, use, disclosure, disruption, modification, perusal, inspection,

recording or destruction [1]

[1] h&p://wikipedia.org


http://en.wikipedia.org/wiki/Information_system

http://en.wikipedia.org/wiki/Information_system

http://wikipedia.org


Information Security• Information : Set or collection of data that has meaning

• Level [2]

• Non-Classified

• Public Information

• Personal Information

• Routine Business Information

• Classified

• Confidential

• Secret

• Top Secret

[2] h&p://wikipedia.org




InfoSec Pro

People Working in Information security


InfoSec Pro

Background• Natural Born Hacker

• Formal Education


HackersNatural Born Hacker, Gain their InfoSec Knowledge by Hacking; Hack to Learn not


Hacker

• Newbie

• Script Kiddie

• Develop Kiddie

• Hacker

• 1337


Newbie

A wanna be hacker


Script Kiddies

Know the Tools, Able to use the tools;

But, Not how the tool “really” works


Develop Kiddies

Able to Create a Tools,

Know how the tool “really” works

But Still lack with attitude


Hacker

Know Exactly What they’re Doin and

How to Do it


1337

Nobody Know what They are Doing


Hacker

[+]

• Proven Skill and Exprerience

• Able to do a proof of concept

[-]

• Lack of Metodhologies

• Lack or Organizations/Managerial


!Professional

• Bug Hunter

• OS/App Developer

• Botnet owner (DDOSer)

• Fraudster




InfoSec StudentGain Information Security Knowledge from formal Education, Course, Certification


InfoSec Student

[+]

• Strong in Concept and Metodhologies

[-]

• Lack of Skill and Experience

• Unable to do Proof Of concept


InfoSec Pro

• IT Security Officer

• IT Security Analyst

• IT Security Auditor

• IT Security Engineer


Security Officer

• Security Contact Point for Organization

• Principle Advisor for IT Security

• Ensure Security Program Running ( Security Awareness course, etc)

• Creating Security Policy, Procedures, Hardening guide


Security Analyst

• Monitor all type of access to protect confidentiality and integrity

• Provides Direct Support and Advise to the IT Security Manager

• System Security Analyst, Network Security Analyst


Security Auditor

• Auditing an Organizations Technology processess and security.

• IT General Controls Reviews

• Application Controls Reviews

• Security Auditor, Penetration Tester


Security Engineer

• Maintenance Computer Hardware and Software that comprises a computer Network

• Doing a Security hardening and Configuration

• System Security Engineer, Network Security Engineer


Requirements

• Skill

• Experience

• Attitude

• Able to work independent/group

• Certification?


Skill

• In depth knowledge of Operating System

• In depth knowledge of Networking

• In depth knowledge of Application

• In defpth knowledge of Programming

• Much more :)


Experience

• How long you’ve been in that field

• + the Security afterward.


Attitude

With Great Power Comes Great Responsibilities


Work

• Able to work Alone (individualist),

• or a Team Player


Certification

• In someway, its a [+]

• Is it badly needed?


Limitation

• Government Rule : UU ITE

• Organization/company Rule: NDA


Failed

• Always Take not Give

• Lack of Attitude

• Kiddies Minded

• Lazy to Improve



Information SecurityProfessional

UIN - 16 Nov 2011 - @y3dips
