Cybersecurity Career Academy
Thomas Nudd
Chief Information Security Officer - USNH

Agenda
  My Cybersecurity Career Path
  What is Cybersecurity?
  Business is Booming!
  What are the Different Roles?
  So you want to be a Cyber Pro?
  What are some resources to learn from?
  Ok, I have learned some things, how do I prove it?
  The Big Reveal!
Disclaimer – Slides contain my thoughts and opinions based on my career experiences

My Cybersecurity Career Path
  BS – Marketing and International Business – UMaine
  Marketing Intern – Stonewall Kitchen
  Market Management – Liberty Mutual
  MBA – SNHU
  ------ Re-Org ------
  Cybersecurity Career Begins
  MS Information Assurance – Norwich University
  Vuln Management - Log Management - Incident Response - SysAdmin - Cybersecurity Engineer - Building a SOC - Director of Cybersecurity Engineering - Director of Cloud Security Engineering - CISO USNH.

What is Cybersecurity?
“Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.” - CISA
Security Hacker:
  https://en.wikipedia.org/wiki/Security_hacker
  https://en.wikipedia.org/wiki/List_of_security_hacking_incidents
Computer Security:
  https://en.wikipedia.org/wiki/Computer_security
Books:
  Cult of the Dead Cow
  Ghost In The Wires
  The Cuckoo’s Egg
  The Fifth Domain
  Counter Hack Reloaded

Business is Booming!
“Cybersecurity workers protect our most important and private information, from bank accounts to sensitive military communications.”
Cyberseek
Project supported by The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST)

Specialized Job Roles in Cybersecurity
  Cybersecurity Engineer
  Cybersecurity Risk Analyst
  Privacy Analyst / Engineer
  Cybersecurity Compliance Analyst
  Cybersecurity Incident Responder
  Cybersecurity Vulnerability Analyst
  Security Operations Center (SOC) Engineer / Blue Team
  Penetration Tester / Certified Ethical Hacker (CEH) / Red Team
  Cybersecurity Threat Analyst
  Cybersecurity Developer
  Cybersecurity Data Scientist
  Cybersecurity Leadership: BISO / CISO / CSO

So You Want to be a Cyber Pro?
Key Traits I Look For When Hiring (In Priority Order)
  Ability to lead complex initiatives and diverse groups of people
  Ability to solve complex problems under pressure
  Decisiveness
  Ability to communicate clearly
  Proactiveness and willingness to learn
  Ability to work through adversity
  Foundational technical skillset
  Cybersecurity technical skillset

Resources (Free!)
CIS - The Center for Internet Security is an independent, nonprofit organization with a mission to create confidence in the connected world.
  CIS Top 20
  Hardening Templates
NIST - The National Institute of Standards and Technology is a physical sciences laboratory and non-regulatory agency of the United States Department of Commerce.
  NIST CSF
  NIST 800-53
CISA - The Cybersecurity and Infrastructure Security Agency leads the Nation’s strategic and unified work to strengthen the security, resilience, and workforce of the cyber ecosystem to protect critical services and American way of life.
  Referential Guidance
OWASP - The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software.
  OWASP Top 10

More Resources (Free!)
CSA - The Cloud Security Alliance is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
  White Papers and Referential Guidance
SANS Institute – The SysAdmin, Audit, Network, and Security Institute offers comprehensive, intensive training designed to help anyone, from auditors to CIOs to defend systems and networks against the most dangerous threats.
  Internet Storm Center
  Reading Room
Private Tech Industry – Microsoft, Amazon, Verizon, Google, Cisco, VMware, IBM
  Published white papers, reference architectures, comprehensive documentation, RTFM.
Cybersecurity News Outlets – Krebs, IT Security Guru, Security Weekly, Hacker News, Blogs
Free Tools and YouTube – Download them, Watch and Learn!

Ok I Have Learned a Bit, How Can I Prove It?
Be Proactive and APPLY THY KNOWLEDGE
  Projects
  Labs
  Personal Life
  @Work
Certifications
  SANS
  ISC2
  CSA
  CEH
  ISACA
  CompTIA
Higher Education

The Big Reveal
You Already Are A Cybersecurity Professional.
You Are Our First Line of Defense.
Thank you!