Bsu skills and_careers_in_cybersecurity
1 like184 views
The document discusses the various career paths and skills needed in the cybersecurity field, emphasizing the importance of diversity and networking. It highlights the role of a Chief Information Security Officer (CISO) in managing information security risks and the need for organizations to adapt to evolving threats, particularly in healthcare. Additionally, it underscores the value of different career experiences and the multitude of opportunities available in cybersecurity.
![Articles
The HPWeigh: Diversity and the Hardy-Weinberg Principle http://h20435.www2.hp.com/t5/HP-Labs-Blog/The-HP-Weigh-Diversity-and-the-Hardy-
Weinberg-Principle/ba-p/295220
TenThings toThink About ForYour Security Awareness Program https://www.sans.org/security-awareness-training/blog/ten-things-think-about-
your-security-awareness-program-guest-blog
Cyber Security AreWe Winning?
https://www.linkedin.com/pulse/cyber-security-we-winning-sandra-sandy-dunn/[linkedin.com]
Papers
The Scary andTerribleCode Signing ProblemYou Don’t KnowYou Have https://www.sans.org/reading-room/whitepapers/critical/scary-terrible-
code-signing-problem-you-36382
Defending Against theWeaponization ofTrust: Defense in Depth Assessment ofTLS https://www.giac.org/paper/gsna/4623/defending-
weaponization-trust-defense-in-depth-assessment-tls/116997
The BusinessCase forTLS Certificate Enterprise Key Management ofWeb Site Certificates: https://www.giac.org/paper/gccc/210/The-
Business-Case-for-TLS-Certificate-Enterprise-Key-Management-of-Web-Site-Certificates-Wrangling-TLS-Certificates-on-the-Wild-Web/116997
Superfish andTLS:A Case Study of BetrayedTrust and Legal Liability https://www.sans.org/reading-room/whitepapers/certificates/superfish-tls-
case-study-betrayed-trust-legal-liability-37532](https://image.slidesharecdn.com/bsuskillsandcareersincybersecurity-180308221322/85/Bsu-skills-and_careers_in_cybersecurity-13-320.jpg)
Bsu skills and_careers_in_cybersecurity
- 1. SKILLS & CAREERS IN CYBERSECURITY WE NEED MORE THAN HACKERS WITH LEET SKILZ) Sandy Dunn, CISO BlueCross of Idaho March 9, 2018 12:00 – 1:00 pm
- 2. Outline • Who am I • What is my role in Cyber Security • Career path / different perspective provided value • Diversity more than XY or XX • Security roles at _________ • Finding opportunities • Skills / Resumes / Interviews
- 3. Jobs I’ve had • Waitress • BarTender • Pushed cows sales yard • Filled doughnuts with jelly at bakery • Rodeo crew • Radio Sales • Office Manager • Software Sales • Computer Sales • HorseTrader • Competitive Intelligence • ACTTeam • PSOTeam • Information Security Officer • Cybersecurity Product Security Strategist • IT SecurityArchitect • Chief Information Security Officer (CISO) My best skill: saying “I don’t get it” Goal of Diversity: Build a culture that celebrates and encourages each employee to be open and bring their best selves and best ideas.
- 4. What is a CISO ? • Senior executive responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. • Identify, develop, implement, and maintain processes across the enterprise to reduce information security risk • Respond to incidents, establish standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures.
- 5. Top Priorities Top Challenges My Perspective on where the security industry is going • Ensure our organization is ready for Smart Healthcare, protecting information, any where, any time, on any device • Technical debt, increased availability expectations, increased threats • Just like airplanes and cars it took us a long time until we understood what safe is
- 6. What do they need to protect? Who do they need to protect it from? How do they protect it? • What do they do? • Who are their customers?
- 7. Questions Compliance or regulatory requirements ? How is technology used ? Where are their customer’s located How are transactions made? Invoices, credit card? • How do they get paid • Who pays the business, how? Do they do development? What do they develop? How do they engage with 3rd parties? • Supply chain • Hosting / Cloud
- 8. CSO / CISO Security Operations Incidence Response IT Security Architect Developer / Security Quality / Security Risk Management IT Audit Compliance Car manufacturer • PSIRT / Bug Bounty • Network • IP Leak • Internal domain • Cars Define Security Requirements • Security functional & non functional Supply Chain Software • Red team pen test • Red team pen test • Supply Chain • Over seas development • ISO – manage business vs security • Privacy • GDPR • Fraud detection • PCI • Red team pen test Insurance • Respond to board • Budget • Strategy • Malware / defense • WAF • Network Firewall • IAM / AD PHI Data Breach • Application review • Third party risk • Security Awareness • Business Continuity • Disaster Recovery • Control review • Validates Operational standards • HIPAA • DOI • FEP • Medicare University • SEIM • Forensics • Secure configs • Policy
- 11. • Finding opportunities • Skills • Resumes • Interviews Caitlyn • Figures out how she can add value • Works HARD • Super Positive • Great Communicator • Always FollowsThroughhttps://sites.google.com/view/thoughtsoncareerbuilding BSIDES Idaho Falls September 15, 2018 bsidesidahofalls.org bsidesidahofalls@gmail.com
- 12. Summary • Many different path to achieve your career goals • Having different career experiences brings value to each role • Many different opportunities in Cyber Security field where your strengths are a value • Networking, networking, networking
- 13. Articles The HPWeigh: Diversity and the Hardy-Weinberg Principle http://h20435.www2.hp.com/t5/HP-Labs-Blog/The-HP-Weigh-Diversity-and-the-Hardy- Weinberg-Principle/ba-p/295220 TenThings toThink About ForYour Security Awareness Program https://www.sans.org/security-awareness-training/blog/ten-things-think-about- your-security-awareness-program-guest-blog Cyber Security AreWe Winning? https://www.linkedin.com/pulse/cyber-security-we-winning-sandra-sandy-dunn/[linkedin.com] Papers The Scary andTerribleCode Signing ProblemYou Don’t KnowYou Have https://www.sans.org/reading-room/whitepapers/critical/scary-terrible- code-signing-problem-you-36382 Defending Against theWeaponization ofTrust: Defense in Depth Assessment ofTLS https://www.giac.org/paper/gsna/4623/defending- weaponization-trust-defense-in-depth-assessment-tls/116997 The BusinessCase forTLS Certificate Enterprise Key Management ofWeb Site Certificates: https://www.giac.org/paper/gccc/210/The- Business-Case-for-TLS-Certificate-Enterprise-Key-Management-of-Web-Site-Certificates-Wrangling-TLS-Certificates-on-the-Wild-Web/116997 Superfish andTLS:A Case Study of BetrayedTrust and Legal Liability https://www.sans.org/reading-room/whitepapers/certificates/superfish-tls- case-study-betrayed-trust-legal-liability-37532
- 14. Questions ?