SlideShare a Scribd company logo
1 of 13
Download to read offline
#WHOAMI
-Howard Tsui
-Senior Threat and Vulnerability Management
Engineer
-Financial industry in the United States
CISO
RIsk
Awareness
training
Security
project mgmt
Metric and
Report
Security
Operation
Network
Security
End Point
Security
Cloud Security
Threat and
Vulnerability
Vulnerability
Management
Security
Operation
Center
Threat Intel
Forensic
Incident
Responds
Pentes / Red
Team
Fraud
Physical
Security
BC/DR
BC
DR
Detect
Prioritize
ReportRemediate
Verification
Entry
Security+
Network+
Certified Ethical
Hacker (CEH)
SSCP
GIAC entry
levels
Mid
GIAC - GCIH
ISC2 - CAP
Certificated
Information
Security Auditor
(CISA)
Certificated
Information
Security Manager
(CISM)
Certificated
Information
Privacy
Professional (CIPP)
Advance
GIAC – GPEN,
GWAPT, etc.
ISC2 – CISSP
EC-Council –
Licensed
Penetration
Tester(LPT)
GIAC – GIAC
Security
Essential (GSE)
Super
Advance
GXPEN
OSCP
OSCE
Any exploit
finding skills
More
2nd language skill
Firewall cert
•CheckPoint
•Palo Alto
•Juniper
•Cisco
End Point
•Carbon Block
•Symantec
•Trend Micro
•McAfee
Wireshark
APPLICATION SECURITY
Skills
1) Advance level programming skill in at
least one language
1) Java, C++, JavaScript,,C#, Swift,
etc…
2) Minimal - Know how to check for and
defence against OWASP top 10
3) Minimal – Know Burp Suite.
4) Writing secure DLL
5) Static code review
6) Dynamic code review
7) Web Application Firewall
8) Regex
NETWORK SECURITY
• Mainly managing firewall
• Sometime Network IDS, IPS
• Know at least one large FW products – Palo Alto, CheckPoint, Juniper,
Cisco, etc.
• Networking (TCP/IP)
• Network architecture
• Hardware/software offerings
• Architecture
• Products
• Wireshark/TCPdump
• Clean after yourself
• On call
RISK MANAGEMENT
• Situation awareness
• Projects
• Company direction
• Current market trend
• Be able to understand
technical vulnerability and
threat
• Review policies
• Security policy
• Firewall
• Configuration standards
• Various audit reports
• Asset Management
• Risk evaluation
• Acceptance
• Exception
• Mitigation
• Remediation
• Transfer
• Cyber Insurance
EXTERNAL RESOURCES
• NIST CyberSeek
• http://cyberseek.org/pathway.html
• SANS
• https://www.giac.org/certifications/get-certified/roadmap
• Offensive Security
• https://www.offensive-security.com/information-security-certifications/
• DerbyCon
• https://www.derbycon.com/training-courses-2017/#IMMERSION
• Defcon Workshops
• https://www.defcon.org/html/defcon-25/dc-25-workshops.html
• Safari Book Online
• https://www.safaribooksonline.com/
• Cybrary
• https://www.cybrary.it/0p3n/interactive-cyber-security-career-roadmap/
• ISACA
• http://www.isaca.org/CERTIFICATION/Pages/default.aspx
• ISC2
• https://www.isc2.org/Certifications/CISSP
$90,000
STORY TIME (CASE STUDIES)
•USB Phishing attack
•Why we did it
•How it help company advance
WHAT IS LACKING?
• Engineers
• Deep understand of different tools both commercial and
open source
• Specific domain knowledge
• Enthusiastic people
• Ignore vulnerability
Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard
RECOMMENDED SOFT SKILLS
• Looks at things from attacker’s perspective
• Think technical vulnerabilities translating to fixing process
vulnerabilities
• Lead and hold effective meetings
• Ability to translate technical issues (vulnerability, threat, attack
methods) to business risk

More Related Content

What's hot

Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeDragos, Inc.
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsPriyanka Aash
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021lior mazor
 
The Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityThe Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityDragos, Inc.
 
2018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 22018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 2FRSecure
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Puneet Kukreja
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions  How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions Dragos, Inc.
 
You can't detect what you can't see illuminating the entire kill chain
You can't detect what you can't see   illuminating the entire kill chainYou can't detect what you can't see   illuminating the entire kill chain
You can't detect what you can't see illuminating the entire kill chainFidelis Cybersecurity
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityPriyanka Aash
 
Threat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and ResearchThreat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and ResearchFidelis Cybersecurity
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksFidelis Cybersecurity
 
Managing Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityManaging Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityPriyanka Aash
 
Game Changing Cyber Defensive Strategies for 2019
Game Changing Cyber Defensive Strategies for 2019Game Changing Cyber Defensive Strategies for 2019
Game Changing Cyber Defensive Strategies for 2019Fidelis Cybersecurity
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseRahul Neel Mani
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Shah Sheikh
 
How Long to Boom: Understanding and Measuring ICS Hacker Maturity
How Long to Boom: Understanding and Measuring ICS Hacker MaturityHow Long to Boom: Understanding and Measuring ICS Hacker Maturity
How Long to Boom: Understanding and Measuring ICS Hacker MaturityDragos, Inc.
 

What's hot (20)

Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and PracticeMeet Me in the Middle: Threat Indications and Warning in Principle and Practice
Meet Me in the Middle: Threat Indications and Warning in Principle and Practice
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five Controls
 
Application security meetup 27012021
Application security meetup 27012021Application security meetup 27012021
Application security meetup 27012021
 
The Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial SecurityThe Four Types of Threat Detection and Use Cases in Industrial Security
The Four Types of Threat Detection and Use Cases in Industrial Security
 
2018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 22018 CISSP Mentor Program Session 2
2018 CISSP Mentor Program Session 2
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
The State of Threat Detection 2019
The State of Threat Detection 2019The State of Threat Detection 2019
The State of Threat Detection 2019
 
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...
 
How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions  How to Respond to Industrial Intrusions
How to Respond to Industrial Intrusions
 
You can't detect what you can't see illuminating the entire kill chain
You can't detect what you can't see   illuminating the entire kill chainYou can't detect what you can't see   illuminating the entire kill chain
You can't detect what you can't see illuminating the entire kill chain
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum Security
 
Threat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and ResearchThreat intelligence Primary Tradecraft and Research
Threat intelligence Primary Tradecraft and Research
 
Applying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacksApplying intelligent deception to detect sophisticated cyber attacks
Applying intelligent deception to detect sophisticated cyber attacks
 
Managing Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber SecurityManaging Next Generation Threats to Cyber Security
Managing Next Generation Threats to Cyber Security
 
Game Changing Cyber Defensive Strategies for 2019
Game Changing Cyber Defensive Strategies for 2019Game Changing Cyber Defensive Strategies for 2019
Game Changing Cyber Defensive Strategies for 2019
 
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate ResponseDetect Unknown Threats, Reduce Dwell Time, Accelerate Response
Detect Unknown Threats, Reduce Dwell Time, Accelerate Response
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018)
 
How Long to Boom: Understanding and Measuring ICS Hacker Maturity
How Long to Boom: Understanding and Measuring ICS Hacker MaturityHow Long to Boom: Understanding and Measuring ICS Hacker Maturity
How Long to Boom: Understanding and Measuring ICS Hacker Maturity
 

Similar to Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard

National Cyber Security Crypto Program
National Cyber Security Crypto ProgramNational Cyber Security Crypto Program
National Cyber Security Crypto ProgramJorge Sebastiao
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security IntelligenceSplunk
 
Level up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdfLevel up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdfBrandon DeVault
 
Pen test free_01_2012
Pen test free_01_2012Pen test free_01_2012
Pen test free_01_2012Amiga Utomo
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionShah Sheikh
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04Kyle Lai
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Kyle Lai
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Chris Gates
 
Core security utcpresentation962012
Core security utcpresentation962012Core security utcpresentation962012
Core security utcpresentation962012Seema Sheth-Voss
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Ferenc Fresz
 
For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure ProtectionPriyanka Aash
 
Revolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionRevolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionBlue Coat
 
Offensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaOffensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaShivamSharma909
 
Offensive cyber security engineer
Offensive cyber security engineerOffensive cyber security engineer
Offensive cyber security engineerShivamSharma909
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updatedInfosecTrain
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in CybersecurityTeri Radichel
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development pathsChelsea Jarvie
 

Similar to Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard (20)

National Cyber Security Crypto Program
National Cyber Security Crypto ProgramNational Cyber Security Crypto Program
National Cyber Security Crypto Program
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
 
Level up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdfLevel up your SOC - Guide for a Resilient Education Program.pdf
Level up your SOC - Guide for a Resilient Education Program.pdf
 
Pen test free_01_2012
Pen test free_01_2012Pen test free_01_2012
Pen test free_01_2012
 
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS SolutionGISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
GISEC 2015 Your Network in the Eyes of a Hacker - DTS Solution
 
CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04CyberSecurity - UH IEEE Presentation 2015-04
CyberSecurity - UH IEEE Presentation 2015-04
 
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
Cyber Hacking & Security - IEEE - Univ of Houston 2015-04
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
 
Core security utcpresentation962012
Core security utcpresentation962012Core security utcpresentation962012
Core security utcpresentation962012
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Resume - Varsharani
Resume - VarsharaniResume - Varsharani
Resume - Varsharani
 
Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0
 
For Critical Infrastructure Protection
For Critical Infrastructure ProtectionFor Critical Infrastructure Protection
For Critical Infrastructure Protection
 
Revolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat ProtectionRevolutionizing Advanced Threat Protection
Revolutionizing Advanced Threat Protection
 
Offensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agendaOffensive cyber security engineer pragram course agenda
Offensive cyber security engineer pragram course agenda
 
Offensive cyber security engineer
Offensive cyber security engineerOffensive cyber security engineer
Offensive cyber security engineer
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
 
So You Want a Job in Cybersecurity
So You Want a Job in CybersecuritySo You Want a Job in Cybersecurity
So You Want a Job in Cybersecurity
 
cybersecurity-careers.pdf
cybersecurity-careers.pdfcybersecurity-careers.pdf
cybersecurity-careers.pdf
 
Cyber security career development paths
Cyber security career development pathsCyber security career development paths
Cyber security career development paths
 

More from HITCON GIRLS

20200810_資訊洩漏所帶來的資安問題_turkey
20200810_資訊洩漏所帶來的資安問題_turkey20200810_資訊洩漏所帶來的資安問題_turkey
20200810_資訊洩漏所帶來的資安問題_turkeyHITCON GIRLS
 
CYBERSEC 2020 臺灣資安大會 windows malware hot 5 - 短短
CYBERSEC 2020 臺灣資安大會 windows malware hot 5  - 短短CYBERSEC 2020 臺灣資安大會 windows malware hot 5  - 短短
CYBERSEC 2020 臺灣資安大會 windows malware hot 5 - 短短HITCON GIRLS
 
HITCON CTF 介紹 - HG 導覽活動
HITCON CTF 介紹 - HG 導覽活動HITCON CTF 介紹 - HG 導覽活動
HITCON CTF 介紹 - HG 導覽活動HITCON GIRLS
 
HITCON CTF 2019 特色 - HG 導覽活動
HITCON CTF 2019 特色 - HG 導覽活動HITCON CTF 2019 特色 - HG 導覽活動
HITCON CTF 2019 特色 - HG 導覽活動HITCON GIRLS
 
HITCON CTF 2017 特色 - HG 導覽活動
HITCON CTF 2017 特色 - HG 導覽活動HITCON CTF 2017 特色 - HG 導覽活動
HITCON CTF 2017 特色 - HG 導覽活動HITCON GIRLS
 
HITCON CTF 2016 特色 - HG 導覽活動
HITCON CTF 2016 特色 - HG 導覽活動HITCON CTF 2016 特色 - HG 導覽活動
HITCON CTF 2016 特色 - HG 導覽活動HITCON GIRLS
 
iThome 資安大會 2019 資安大會_AI 的逆襲,眼見真的為憑嗎? - Turkey&Melody.pdf
iThome 資安大會 2019 資安大會_AI 的逆襲,眼見真的為憑嗎? - Turkey&Melody.pdfiThome 資安大會 2019 資安大會_AI 的逆襲,眼見真的為憑嗎? - Turkey&Melody.pdf
iThome 資安大會 2019 資安大會_AI 的逆襲,眼見真的為憑嗎? - Turkey&Melody.pdfHITCON GIRLS
 
iThome 資安大會 2019 駭客如何利用公開工具在內部網路中暢行無阻 - YCY.pdf
iThome 資安大會 2019 駭客如何利用公開工具在內部網路中暢行無阻 - YCY.pdfiThome 資安大會 2019 駭客如何利用公開工具在內部網路中暢行無阻 - YCY.pdf
iThome 資安大會 2019 駭客如何利用公開工具在內部網路中暢行無阻 - YCY.pdfHITCON GIRLS
 
Birds of a Feather 2017: 邀請分享 Light Up The Korean DarkWeb - Dasom Kim
Birds of a Feather 2017: 邀請分享 Light Up The Korean DarkWeb - Dasom KimBirds of a Feather 2017: 邀請分享 Light Up The Korean DarkWeb - Dasom Kim
Birds of a Feather 2017: 邀請分享 Light Up The Korean DarkWeb - Dasom KimHITCON GIRLS
 
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - AaronBirds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - AaronHITCON GIRLS
 
未來大人物【互動工作坊】社群網路滲透生活,我們如何保護個資不外洩 蜘子珣&Turkey
未來大人物【互動工作坊】社群網路滲透生活,我們如何保護個資不外洩 蜘子珣&Turkey未來大人物【互動工作坊】社群網路滲透生活,我們如何保護個資不外洩 蜘子珣&Turkey
未來大人物【互動工作坊】社群網路滲透生活,我們如何保護個資不外洩 蜘子珣&TurkeyHITCON GIRLS
 
HITCON GIRLS 資安萌芽推廣 2017: 從 CVE 找材料
HITCON GIRLS 資安萌芽推廣 2017: 從 CVE 找材料HITCON GIRLS 資安萌芽推廣 2017: 從 CVE 找材料
HITCON GIRLS 資安萌芽推廣 2017: 從 CVE 找材料HITCON GIRLS
 
HITCON GIRLS 資安萌芽推廣 2017: 你知道你連線的網站黑黑的嗎
HITCON GIRLS 資安萌芽推廣 2017: 你知道你連線的網站黑黑的嗎HITCON GIRLS 資安萌芽推廣 2017: 你知道你連線的網站黑黑的嗎
HITCON GIRLS 資安萌芽推廣 2017: 你知道你連線的網站黑黑的嗎HITCON GIRLS
 
HITCON GIRLS 資安萌芽推廣 2017: 密碼學深入淺出 阿毛 - 台科資管碩士生&圓圓 - 台科資管碩士生
HITCON GIRLS 資安萌芽推廣 2017: 密碼學深入淺出 阿毛 - 台科資管碩士生&圓圓 - 台科資管碩士生HITCON GIRLS 資安萌芽推廣 2017: 密碼學深入淺出 阿毛 - 台科資管碩士生&圓圓 - 台科資管碩士生
HITCON GIRLS 資安萌芽推廣 2017: 密碼學深入淺出 阿毛 - 台科資管碩士生&圓圓 - 台科資管碩士生HITCON GIRLS
 
HITCON GIRLS 資安萌芽推廣 2017: 探索駭客的世界 - Turkey
HITCON GIRLS 資安萌芽推廣 2017: 探索駭客的世界 - TurkeyHITCON GIRLS 資安萌芽推廣 2017: 探索駭客的世界 - Turkey
HITCON GIRLS 資安萌芽推廣 2017: 探索駭客的世界 - TurkeyHITCON GIRLS
 
HITCON GIRLS 資安萌芽推廣 2017: 還能不能好好玩遊戲了
HITCON GIRLS 資安萌芽推廣 2017: 還能不能好好玩遊戲了HITCON GIRLS 資安萌芽推廣 2017: 還能不能好好玩遊戲了
HITCON GIRLS 資安萌芽推廣 2017: 還能不能好好玩遊戲了HITCON GIRLS
 
HITCON GIRLS 資安萌芽推廣 2017: 從研究生轉職資安工程師 - 蜘子珣
HITCON GIRLS 資安萌芽推廣 2017: 從研究生轉職資安工程師 - 蜘子珣HITCON GIRLS 資安萌芽推廣 2017: 從研究生轉職資安工程師 - 蜘子珣
HITCON GIRLS 資安萌芽推廣 2017: 從研究生轉職資安工程師 - 蜘子珣HITCON GIRLS
 
HITCON GIRLS 資安萌芽推廣 2017: 資安工作很酷嘛?當然! - Belinda
HITCON GIRLS 資安萌芽推廣 2017: 資安工作很酷嘛?當然! - BelindaHITCON GIRLS 資安萌芽推廣 2017: 資安工作很酷嘛?當然! - Belinda
HITCON GIRLS 資安萌芽推廣 2017: 資安工作很酷嘛?當然! - BelindaHITCON GIRLS
 
HITCON CTF 2016導覽
HITCON CTF 2016導覽HITCON CTF 2016導覽
HITCON CTF 2016導覽HITCON GIRLS
 
Android Hook - Xposed Framework (Elven Liu)
Android Hook - Xposed Framework (Elven Liu)Android Hook - Xposed Framework (Elven Liu)
Android Hook - Xposed Framework (Elven Liu)HITCON GIRLS
 

More from HITCON GIRLS (20)

20200810_資訊洩漏所帶來的資安問題_turkey
20200810_資訊洩漏所帶來的資安問題_turkey20200810_資訊洩漏所帶來的資安問題_turkey
20200810_資訊洩漏所帶來的資安問題_turkey
 
CYBERSEC 2020 臺灣資安大會 windows malware hot 5 - 短短
CYBERSEC 2020 臺灣資安大會 windows malware hot 5  - 短短CYBERSEC 2020 臺灣資安大會 windows malware hot 5  - 短短
CYBERSEC 2020 臺灣資安大會 windows malware hot 5 - 短短
 
HITCON CTF 介紹 - HG 導覽活動
HITCON CTF 介紹 - HG 導覽活動HITCON CTF 介紹 - HG 導覽活動
HITCON CTF 介紹 - HG 導覽活動
 
HITCON CTF 2019 特色 - HG 導覽活動
HITCON CTF 2019 特色 - HG 導覽活動HITCON CTF 2019 特色 - HG 導覽活動
HITCON CTF 2019 特色 - HG 導覽活動
 
HITCON CTF 2017 特色 - HG 導覽活動
HITCON CTF 2017 特色 - HG 導覽活動HITCON CTF 2017 特色 - HG 導覽活動
HITCON CTF 2017 特色 - HG 導覽活動
 
HITCON CTF 2016 特色 - HG 導覽活動
HITCON CTF 2016 特色 - HG 導覽活動HITCON CTF 2016 特色 - HG 導覽活動
HITCON CTF 2016 特色 - HG 導覽活動
 
iThome 資安大會 2019 資安大會_AI 的逆襲,眼見真的為憑嗎? - Turkey&Melody.pdf
iThome 資安大會 2019 資安大會_AI 的逆襲,眼見真的為憑嗎? - Turkey&Melody.pdfiThome 資安大會 2019 資安大會_AI 的逆襲,眼見真的為憑嗎? - Turkey&Melody.pdf
iThome 資安大會 2019 資安大會_AI 的逆襲,眼見真的為憑嗎? - Turkey&Melody.pdf
 
iThome 資安大會 2019 駭客如何利用公開工具在內部網路中暢行無阻 - YCY.pdf
iThome 資安大會 2019 駭客如何利用公開工具在內部網路中暢行無阻 - YCY.pdfiThome 資安大會 2019 駭客如何利用公開工具在內部網路中暢行無阻 - YCY.pdf
iThome 資安大會 2019 駭客如何利用公開工具在內部網路中暢行無阻 - YCY.pdf
 
Birds of a Feather 2017: 邀請分享 Light Up The Korean DarkWeb - Dasom Kim
Birds of a Feather 2017: 邀請分享 Light Up The Korean DarkWeb - Dasom KimBirds of a Feather 2017: 邀請分享 Light Up The Korean DarkWeb - Dasom Kim
Birds of a Feather 2017: 邀請分享 Light Up The Korean DarkWeb - Dasom Kim
 
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - AaronBirds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
Birds of a Feather 2017: 邀請分享 IoT, SDR, and Car Security - Aaron
 
未來大人物【互動工作坊】社群網路滲透生活,我們如何保護個資不外洩 蜘子珣&Turkey
未來大人物【互動工作坊】社群網路滲透生活,我們如何保護個資不外洩 蜘子珣&Turkey未來大人物【互動工作坊】社群網路滲透生活,我們如何保護個資不外洩 蜘子珣&Turkey
未來大人物【互動工作坊】社群網路滲透生活,我們如何保護個資不外洩 蜘子珣&Turkey
 
HITCON GIRLS 資安萌芽推廣 2017: 從 CVE 找材料
HITCON GIRLS 資安萌芽推廣 2017: 從 CVE 找材料HITCON GIRLS 資安萌芽推廣 2017: 從 CVE 找材料
HITCON GIRLS 資安萌芽推廣 2017: 從 CVE 找材料
 
HITCON GIRLS 資安萌芽推廣 2017: 你知道你連線的網站黑黑的嗎
HITCON GIRLS 資安萌芽推廣 2017: 你知道你連線的網站黑黑的嗎HITCON GIRLS 資安萌芽推廣 2017: 你知道你連線的網站黑黑的嗎
HITCON GIRLS 資安萌芽推廣 2017: 你知道你連線的網站黑黑的嗎
 
HITCON GIRLS 資安萌芽推廣 2017: 密碼學深入淺出 阿毛 - 台科資管碩士生&圓圓 - 台科資管碩士生
HITCON GIRLS 資安萌芽推廣 2017: 密碼學深入淺出 阿毛 - 台科資管碩士生&圓圓 - 台科資管碩士生HITCON GIRLS 資安萌芽推廣 2017: 密碼學深入淺出 阿毛 - 台科資管碩士生&圓圓 - 台科資管碩士生
HITCON GIRLS 資安萌芽推廣 2017: 密碼學深入淺出 阿毛 - 台科資管碩士生&圓圓 - 台科資管碩士生
 
HITCON GIRLS 資安萌芽推廣 2017: 探索駭客的世界 - Turkey
HITCON GIRLS 資安萌芽推廣 2017: 探索駭客的世界 - TurkeyHITCON GIRLS 資安萌芽推廣 2017: 探索駭客的世界 - Turkey
HITCON GIRLS 資安萌芽推廣 2017: 探索駭客的世界 - Turkey
 
HITCON GIRLS 資安萌芽推廣 2017: 還能不能好好玩遊戲了
HITCON GIRLS 資安萌芽推廣 2017: 還能不能好好玩遊戲了HITCON GIRLS 資安萌芽推廣 2017: 還能不能好好玩遊戲了
HITCON GIRLS 資安萌芽推廣 2017: 還能不能好好玩遊戲了
 
HITCON GIRLS 資安萌芽推廣 2017: 從研究生轉職資安工程師 - 蜘子珣
HITCON GIRLS 資安萌芽推廣 2017: 從研究生轉職資安工程師 - 蜘子珣HITCON GIRLS 資安萌芽推廣 2017: 從研究生轉職資安工程師 - 蜘子珣
HITCON GIRLS 資安萌芽推廣 2017: 從研究生轉職資安工程師 - 蜘子珣
 
HITCON GIRLS 資安萌芽推廣 2017: 資安工作很酷嘛?當然! - Belinda
HITCON GIRLS 資安萌芽推廣 2017: 資安工作很酷嘛?當然! - BelindaHITCON GIRLS 資安萌芽推廣 2017: 資安工作很酷嘛?當然! - Belinda
HITCON GIRLS 資安萌芽推廣 2017: 資安工作很酷嘛?當然! - Belinda
 
HITCON CTF 2016導覽
HITCON CTF 2016導覽HITCON CTF 2016導覽
HITCON CTF 2016導覽
 
Android Hook - Xposed Framework (Elven Liu)
Android Hook - Xposed Framework (Elven Liu)Android Hook - Xposed Framework (Elven Liu)
Android Hook - Xposed Framework (Elven Liu)
 

Recently uploaded

ChatGPT-and-Generative-AI-Landscape Working of generative ai search
ChatGPT-and-Generative-AI-Landscape Working of generative ai searchChatGPT-and-Generative-AI-Landscape Working of generative ai search
ChatGPT-and-Generative-AI-Landscape Working of generative ai searchrohitcse52
 
The relationship between iot and communication technology
The relationship between iot and communication technologyThe relationship between iot and communication technology
The relationship between iot and communication technologyabdulkadirmukarram03
 
Clutches and brkesSelect any 3 position random motion out of real world and d...
Clutches and brkesSelect any 3 position random motion out of real world and d...Clutches and brkesSelect any 3 position random motion out of real world and d...
Clutches and brkesSelect any 3 position random motion out of real world and d...sahb78428
 
How to Write a Good Scientific Paper.pdf
How to Write a Good Scientific Paper.pdfHow to Write a Good Scientific Paper.pdf
How to Write a Good Scientific Paper.pdfRedhwan Qasem Shaddad
 
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratoryدليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide LaboratoryBahzad5
 
Graphics Primitives and CG Display Devices
Graphics Primitives and CG Display DevicesGraphics Primitives and CG Display Devices
Graphics Primitives and CG Display DevicesDIPIKA83
 
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docxSUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docxNaveenVerma126
 
Design of Clutches and Brakes in Design of Machine Elements.pptx
Design of Clutches and Brakes in Design of Machine Elements.pptxDesign of Clutches and Brakes in Design of Machine Elements.pptx
Design of Clutches and Brakes in Design of Machine Elements.pptxYogeshKumarKJMIT
 
IT3401-WEB ESSENTIALS PRESENTATIONS.pptx
IT3401-WEB ESSENTIALS PRESENTATIONS.pptxIT3401-WEB ESSENTIALS PRESENTATIONS.pptx
IT3401-WEB ESSENTIALS PRESENTATIONS.pptxSAJITHABANUS
 
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS Bahzad5
 
Lecture 1: Basics of trigonometry (surveying)
Lecture 1: Basics of trigonometry (surveying)Lecture 1: Basics of trigonometry (surveying)
Lecture 1: Basics of trigonometry (surveying)Bahzad5
 
Landsman converter for power factor improvement
Landsman converter for power factor improvementLandsman converter for power factor improvement
Landsman converter for power factor improvementVijayMuni2
 
Nodal seismic construction requirements.pptx
Nodal seismic construction requirements.pptxNodal seismic construction requirements.pptx
Nodal seismic construction requirements.pptxwendy cai
 
Transforming Process Safety Management: Challenges, Benefits, and Transition ...
Transforming Process Safety Management: Challenges, Benefits, and Transition ...Transforming Process Safety Management: Challenges, Benefits, and Transition ...
Transforming Process Safety Management: Challenges, Benefits, and Transition ...soginsider
 
Strategies of Urban Morphologyfor Improving Outdoor Thermal Comfort and Susta...
Strategies of Urban Morphologyfor Improving Outdoor Thermal Comfort and Susta...Strategies of Urban Morphologyfor Improving Outdoor Thermal Comfort and Susta...
Strategies of Urban Morphologyfor Improving Outdoor Thermal Comfort and Susta...amrabdallah9
 
nvidia AI-gtc 2024 partial slide deck.pptx
nvidia AI-gtc 2024 partial slide deck.pptxnvidia AI-gtc 2024 partial slide deck.pptx
nvidia AI-gtc 2024 partial slide deck.pptxjasonsedano2
 

Recently uploaded (20)

Litature Review: Research Paper work for Engineering
Litature Review: Research Paper work for EngineeringLitature Review: Research Paper work for Engineering
Litature Review: Research Paper work for Engineering
 
ChatGPT-and-Generative-AI-Landscape Working of generative ai search
ChatGPT-and-Generative-AI-Landscape Working of generative ai searchChatGPT-and-Generative-AI-Landscape Working of generative ai search
ChatGPT-and-Generative-AI-Landscape Working of generative ai search
 
The relationship between iot and communication technology
The relationship between iot and communication technologyThe relationship between iot and communication technology
The relationship between iot and communication technology
 
Clutches and brkesSelect any 3 position random motion out of real world and d...
Clutches and brkesSelect any 3 position random motion out of real world and d...Clutches and brkesSelect any 3 position random motion out of real world and d...
Clutches and brkesSelect any 3 position random motion out of real world and d...
 
How to Write a Good Scientific Paper.pdf
How to Write a Good Scientific Paper.pdfHow to Write a Good Scientific Paper.pdf
How to Write a Good Scientific Paper.pdf
 
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratoryدليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
دليل تجارب الاسفلت المختبرية - Asphalt Experiments Guide Laboratory
 
Graphics Primitives and CG Display Devices
Graphics Primitives and CG Display DevicesGraphics Primitives and CG Display Devices
Graphics Primitives and CG Display Devices
 
Présentation IIRB 2024 Chloe Dufrane.pdf
Présentation IIRB 2024 Chloe Dufrane.pdfPrésentation IIRB 2024 Chloe Dufrane.pdf
Présentation IIRB 2024 Chloe Dufrane.pdf
 
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docxSUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
SUMMER TRAINING REPORT ON BUILDING CONSTRUCTION.docx
 
Design of Clutches and Brakes in Design of Machine Elements.pptx
Design of Clutches and Brakes in Design of Machine Elements.pptxDesign of Clutches and Brakes in Design of Machine Elements.pptx
Design of Clutches and Brakes in Design of Machine Elements.pptx
 
IT3401-WEB ESSENTIALS PRESENTATIONS.pptx
IT3401-WEB ESSENTIALS PRESENTATIONS.pptxIT3401-WEB ESSENTIALS PRESENTATIONS.pptx
IT3401-WEB ESSENTIALS PRESENTATIONS.pptx
 
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS
 
Présentation IIRB 2024 Marine Cordonnier.pdf
Présentation IIRB 2024 Marine Cordonnier.pdfPrésentation IIRB 2024 Marine Cordonnier.pdf
Présentation IIRB 2024 Marine Cordonnier.pdf
 
Lecture 1: Basics of trigonometry (surveying)
Lecture 1: Basics of trigonometry (surveying)Lecture 1: Basics of trigonometry (surveying)
Lecture 1: Basics of trigonometry (surveying)
 
Lecture 2 .pptx
Lecture 2                            .pptxLecture 2                            .pptx
Lecture 2 .pptx
 
Landsman converter for power factor improvement
Landsman converter for power factor improvementLandsman converter for power factor improvement
Landsman converter for power factor improvement
 
Nodal seismic construction requirements.pptx
Nodal seismic construction requirements.pptxNodal seismic construction requirements.pptx
Nodal seismic construction requirements.pptx
 
Transforming Process Safety Management: Challenges, Benefits, and Transition ...
Transforming Process Safety Management: Challenges, Benefits, and Transition ...Transforming Process Safety Management: Challenges, Benefits, and Transition ...
Transforming Process Safety Management: Challenges, Benefits, and Transition ...
 
Strategies of Urban Morphologyfor Improving Outdoor Thermal Comfort and Susta...
Strategies of Urban Morphologyfor Improving Outdoor Thermal Comfort and Susta...Strategies of Urban Morphologyfor Improving Outdoor Thermal Comfort and Susta...
Strategies of Urban Morphologyfor Improving Outdoor Thermal Comfort and Susta...
 
nvidia AI-gtc 2024 partial slide deck.pptx
nvidia AI-gtc 2024 partial slide deck.pptxnvidia AI-gtc 2024 partial slide deck.pptx
nvidia AI-gtc 2024 partial slide deck.pptx
 

Birds of a Feather 2017: 邀請分享 Glance into the Enterprise InfoSec Field - Howard

  • 1. #WHOAMI -Howard Tsui -Senior Threat and Vulnerability Management Engineer -Financial industry in the United States
  • 2. CISO RIsk Awareness training Security project mgmt Metric and Report Security Operation Network Security End Point Security Cloud Security Threat and Vulnerability Vulnerability Management Security Operation Center Threat Intel Forensic Incident Responds Pentes / Red Team Fraud Physical Security BC/DR BC DR
  • 4. Entry Security+ Network+ Certified Ethical Hacker (CEH) SSCP GIAC entry levels Mid GIAC - GCIH ISC2 - CAP Certificated Information Security Auditor (CISA) Certificated Information Security Manager (CISM) Certificated Information Privacy Professional (CIPP) Advance GIAC – GPEN, GWAPT, etc. ISC2 – CISSP EC-Council – Licensed Penetration Tester(LPT) GIAC – GIAC Security Essential (GSE) Super Advance GXPEN OSCP OSCE Any exploit finding skills More 2nd language skill Firewall cert •CheckPoint •Palo Alto •Juniper •Cisco End Point •Carbon Block •Symantec •Trend Micro •McAfee Wireshark
  • 5. APPLICATION SECURITY Skills 1) Advance level programming skill in at least one language 1) Java, C++, JavaScript,,C#, Swift, etc… 2) Minimal - Know how to check for and defence against OWASP top 10 3) Minimal – Know Burp Suite. 4) Writing secure DLL 5) Static code review 6) Dynamic code review 7) Web Application Firewall 8) Regex
  • 6. NETWORK SECURITY • Mainly managing firewall • Sometime Network IDS, IPS • Know at least one large FW products – Palo Alto, CheckPoint, Juniper, Cisco, etc. • Networking (TCP/IP) • Network architecture • Hardware/software offerings • Architecture • Products • Wireshark/TCPdump • Clean after yourself • On call
  • 7. RISK MANAGEMENT • Situation awareness • Projects • Company direction • Current market trend • Be able to understand technical vulnerability and threat • Review policies • Security policy • Firewall • Configuration standards • Various audit reports • Asset Management • Risk evaluation • Acceptance • Exception • Mitigation • Remediation • Transfer • Cyber Insurance
  • 8. EXTERNAL RESOURCES • NIST CyberSeek • http://cyberseek.org/pathway.html • SANS • https://www.giac.org/certifications/get-certified/roadmap • Offensive Security • https://www.offensive-security.com/information-security-certifications/ • DerbyCon • https://www.derbycon.com/training-courses-2017/#IMMERSION • Defcon Workshops • https://www.defcon.org/html/defcon-25/dc-25-workshops.html • Safari Book Online • https://www.safaribooksonline.com/ • Cybrary • https://www.cybrary.it/0p3n/interactive-cyber-security-career-roadmap/ • ISACA • http://www.isaca.org/CERTIFICATION/Pages/default.aspx • ISC2 • https://www.isc2.org/Certifications/CISSP
  • 10. STORY TIME (CASE STUDIES) •USB Phishing attack •Why we did it •How it help company advance
  • 11. WHAT IS LACKING? • Engineers • Deep understand of different tools both commercial and open source • Specific domain knowledge • Enthusiastic people • Ignore vulnerability
  • 13. RECOMMENDED SOFT SKILLS • Looks at things from attacker’s perspective • Think technical vulnerabilities translating to fixing process vulnerabilities • Lead and hold effective meetings • Ability to translate technical issues (vulnerability, threat, attack methods) to business risk