2017年12月10日 - Birds of a Feather ( 簡稱BoF ),語意上是指鳥類會與相同類型的鳥群一起飛翔,之後衍伸為讓志同道合的人們聚集在一起或舉辦非正式聚會。
https://hitcon-girls.blogspot.tw/2017/12/Birds-of-a-Feather.html
4. Entry
Security+
Network+
Certified Ethical
Hacker (CEH)
SSCP
GIAC entry
levels
Mid
GIAC - GCIH
ISC2 - CAP
Certificated
Information
Security Auditor
(CISA)
Certificated
Information
Security Manager
(CISM)
Certificated
Information
Privacy
Professional (CIPP)
Advance
GIAC – GPEN,
GWAPT, etc.
ISC2 – CISSP
EC-Council –
Licensed
Penetration
Tester(LPT)
GIAC – GIAC
Security
Essential (GSE)
Super
Advance
GXPEN
OSCP
OSCE
Any exploit
finding skills
More
2nd language skill
Firewall cert
•CheckPoint
•Palo Alto
•Juniper
•Cisco
End Point
•Carbon Block
•Symantec
•Trend Micro
•McAfee
Wireshark
5. APPLICATION SECURITY
Skills
1) Advance level programming skill in at
least one language
1) Java, C++, JavaScript,,C#, Swift,
etc…
2) Minimal - Know how to check for and
defence against OWASP top 10
3) Minimal – Know Burp Suite.
4) Writing secure DLL
5) Static code review
6) Dynamic code review
7) Web Application Firewall
8) Regex
6. NETWORK SECURITY
• Mainly managing firewall
• Sometime Network IDS, IPS
• Know at least one large FW products – Palo Alto, CheckPoint, Juniper,
Cisco, etc.
• Networking (TCP/IP)
• Network architecture
• Hardware/software offerings
• Architecture
• Products
• Wireshark/TCPdump
• Clean after yourself
• On call
7. RISK MANAGEMENT
• Situation awareness
• Projects
• Company direction
• Current market trend
• Be able to understand
technical vulnerability and
threat
• Review policies
• Security policy
• Firewall
• Configuration standards
• Various audit reports
• Asset Management
• Risk evaluation
• Acceptance
• Exception
• Mitigation
• Remediation
• Transfer
• Cyber Insurance
10. STORY TIME (CASE STUDIES)
•USB Phishing attack
•Why we did it
•How it help company advance
11. WHAT IS LACKING?
• Engineers
• Deep understand of different tools both commercial and
open source
• Specific domain knowledge
• Enthusiastic people
• Ignore vulnerability
13. RECOMMENDED SOFT SKILLS
• Looks at things from attacker’s perspective
• Think technical vulnerabilities translating to fixing process
vulnerabilities
• Lead and hold effective meetings
• Ability to translate technical issues (vulnerability, threat, attack
methods) to business risk