My Presentation on Career Opportunities in Cyber Security presented at the North Cap University during the course inauguration ceremony, where I talked about different career paths to get into the cyber security domain.
2. #ROOT@CHARLIE~:WHOAMI
• Principal Consultant @ eSec Forte Technologies
• Sr. Research Fellow @ e-Kawach Project
• 8+ Years of Experience in Cyber Security Domain
• Engineer by Education, Security Reseacher By Curiosity
• Mentor and Research Coordinator to Threat Research Project
2
4. • Cisco Says "Cyber Security is the convergence of people,
processes and technology that come together to protect
organizations, individuals or networks from digital attacks.”
• Wikipedia Says “Computer security, cybersecurity or IT security is
the protection of computer systems from the theft of or damage
to their hardware, software, or electronic data, as well as from the
disruption or misdirection of the services they provide”
What is Cyber Security?
7. • Application Security
• Network Security
• Penetration Testing
• Digital Forensics & Incident Response
• Vulnerability Research & Malware Analysis
• SOC Analyst
• IT GRC
What are the career options available?
8. • Application security encompasses measures taken to improve
the security of an application often by finding, fixing and
preventing security vulnerabilities
• In One Sentence “Finding Security Loopholes in Applications”
Application Security
9. • Software Engineering
• Web Technologies
• Application Development & Programming
Skills/Subjects that matter in Application Security
10. • Network security consists of the policies and practices
adopted to prevent and monitor unauthorized access,
misuse, modification, or denial of a computer network and
network-accessible resources.
• In One Sentence “Network security is any activity designed
to protect the usability and integrity of your network and
data.”
Network Security
11. • Computer Networks
• Cryptography
• Network Programming
Skills/Subjects that matter in Network Security
12. • A penetration test, colloquially known as a pen test, pen test or
ethical hacking, is an authorized simulated cyberattack on a
computer system, performed to evaluate the security of the
system.
• In One Sentence “Pen testing involves ethical hackers scaling
planned attacks against a company's security infrastructure to
hunt down security vulnerabilities”
Penetration Testing
13. • Software Engineering
• Computer Network
• Vulnerability Assessment & Exploit
Development
• Ability to Write Code and Scripts
Skills/Subjects that matter in Penetration Testing
14. • Digital forensics is the collection and examination of digital evidence
residing on electronic devices and the subsequent response to threats
and attacks. After examining the evidence and putting together the
puzzle, incident response comes into the equation. The goal is to first
contain the problem so it doesn’t spread to other devices, minimizing
the number of endpoints that are affected. The next step is to
eliminate the cause of the problem - this could include malware,
unauthorized access to the network infrastructure, or compromised
accounts, among other malicious tactics.
• In One Sentence “the exciting science of taking all manner of digital
devices and finding out what it’s done, when it was done, who did it
and stopping everyone else who is going to do”
Forensics Analyst/Incident Analyst
15. • Computer Architecture
• Computer Networks
• File Systems
• Detailed understanding of how different
components of the systems are working
Skills/Subjects that matter in Penetration Testing
16. • Vulnerability Research is the process by which security flaws in
technology are identified.
• Malware Analysis is the process of determining the purpose and
components of a given file sample.
Vulnerability Research & Malware Analysis
17. • Computer Architecture
• Computer Networks
• File Systems
• Extensive knowledge of C/C++, python, assembly language or
additional scripting and programming languages.
• Experience involving WinDbg or OllyDbg, BinDiff and IDA Pro.
• In-depth knowledge of various TCP and/or IP protocols (sometimes a
specific focus is required on CIFS, MSRPC and SMB).
• Experience with signature development and penetration testing,
along with writing exploit code.
• Knowledge of fault injection frameworks or fuzzing and virtualization.
Skills/Subjects that matter in VR & Malware
Analysis
18. • ‘SOC’ stands for Security Operations Centre. Analysts in Security
Operations role encompasses “providing situational awareness
through the detection, containment, and remediation of IT threats.
• In One Sentence “SOC Analyst is responsible what’s going on, why
and how to stop it.”
SOC Analyst
19. • Security Information and Event Management (SIEM)
• TCP/IP, computer networking, routing and switching
• C, C++, Python programming languages
• IDS/IPS, penetration and vulnerability testing
• Firewall and intrusion detection/prevention protocols
• Windows, UNIX and Linux operating systems
• Network protocols and packet analysis tools
Skills/Subjects that matter for SOC Analyst
20. • In the IT environment, GRC has three main components:
• Governance: Ensuring that organizational activities, like managing IT
operations, are aligned in a way that supports the organization's business
goals.
• Risk: Making sure that any risk (or opportunity) associated with
organizational activities is identified and addressed in a way that
supports the organization's business goals. In the IT context, this means
having a comprehensive IT risk management process that rolls into an
organization's enterprise risk management function.
• Compliance: Making sure that organizational activities are operated in a
way that meets the laws and regulations impacting those systems. In the
IT context, this means making sure that IT systems, and the data
contained in those systems, are used and secured properly.
IT GRC
21. • Information Technology, ITIL
• Understanding of legal and regulatory compliance standards such
as PCI-DSS, SOX, GDPR, HIPAA etc.
• Understanding of ISMS and security frameworks, particularly
NIST Cybersecurity Framework, ISO27001.
• Strong understanding of fundamental information security
concepts and technology.
Skills/Subjects that matter for SOC Analyst
23. What you will learn in your course
Year 2
Penetration and
Digital Forensics
VAPT, Digital
Forensics
Secure Programming
Scripting Language,
Secure Coding and
Vulnerabilities,
Python
Year 3
Malware Analysis
Malware Analysis and
Reverse Engineering,
Risk Analysis and
Assessment
Network and Web
Security
Network Security,
Web and Mobile
Security, Blockchain
24. Thank You 24
Deep Shankar Yadav
https://www.deepshankaryadav.com
mail@deepshankaryadav.com