Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Intro to Cybersecurity Workshop

John Downey
July 24, 2017
Technology
0
100

Intro to Cybersecurity Workshop

John Downey

July 24, 2017
Tweet

More Decks by John Downey

See All by John Downey
Cryptography Pitfalls at CactusCon 2019
jtdowney
0
79
Cryptography Pitfalls at BsidesMSP 2017
jtdowney
0
110
Cryptography Pitfalls at THOTCON 0x8
jtdowney
0
150
Cryptography Pitfalls at ConFoo Montreal 2017
jtdowney
1
260
Cryptography Pitfalls at BSidesPhilly 2016
jtdowney
0
77
Cryptography Pitfalls at LASCON 2016
jtdowney
0
120
Debugging TLS/SSL at DevOps Days Detroit 2016
jtdowney
1
180
Debugging TLS/SSL at DevOpsDays Boston
jtdowney
1
270
Cryptography Pitfalls at Abstractions
jtdowney
0
71

Other Decks in Technology

See All in Technology
大規模言語モデルで変わるMLシステム開発
hirosatogamo
13
10k
カンファレンススタッフはいいぞ
muno92
PRO
1
140
開幕LT
makamaka
0
370
作って理解するバックドア
ad5jp
0
430
Pain-free APIs with Smithy4s
kubukoz
0
150
可能な限り確実にmkdirを成功させるには / Make mkdir
oogfranz
PRO
0
110
Cloudflare WorkersとKVで キャッシュを非同期に更新する | Cloudflare Meetup Nagoya
aiji42
0
120
NLF 9th place solution
yururoi
0
170
What's New in early 2023
nicolasgrekas
1
110
レコメンドコンペ入門
t88
0
350
stdClassって一体何者なんだ?!/Who the hell is stdClass?
daina0321
0
410
ChatGPT(GPT-4版)でIoTやってみた / IoTLT vol.97
you
0
190

Featured

See All Featured
Web development in the modern age
philhawksworth
197
9.6k
A Modern Web Designer's Workflow
chriscoyier
689
180k
KATA
mclloyd
12
10k
Pencils Down: Stop Designing & Start Developing
hursman
114
10k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
224
50k
Support Driven Design
roundedbygravity
88
8.9k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
152
13k
Debugging Ruby Performance
tmm1
67
11k
StorybookのUI Testing Handbookを読んだ
zakiyama
8
3.4k
Embracing the Ebb and Flow
colly
76
3.6k
Clear Off the Table
cherdarchuk
79
290k
Music & Morning Musume
bryan
37
4.7k

Transcript

  1. Intro to Cybersecurity
    John Downey | @jtdowney
    http://bit.ly/2tTOeu1 1

    View Slide

  2. Intro to Cybersecurity
    Information Security
    John Downey | @jtdowney
    http://bit.ly/2tTOeu1 2

    View Slide

  3. whoami
    4 John Downey
    4 Security Lead at Braintree
    4 All self taught
    4 No certifications
    http://bit.ly/2tTOeu1 3

    View Slide

  4. Managing Risk
    Risk = Liklihood × Impact
    http://bit.ly/2tTOeu1 4

    View Slide

  5. Likelihood
    http://bit.ly/2tTOeu1 5

    View Slide

  6. Threat Actors
    4 Skill
    4 Motive
    4 Opportunity
    4 Organization
    http://bit.ly/2tTOeu1 6

    View Slide

  7. Vulnerability
    4 Ease of discovery
    4 Ease of exploitation
    4 Awareness
    4 Zero day
    http://bit.ly/2tTOeu1 7

    View Slide

  8. Impact
    http://bit.ly/2tTOeu1 8

    View Slide

  9. Technical Loss
    4 Confidentiality
    4 Integrity
    4 Availability
    http://bit.ly/2tTOeu1 9

    View Slide

  10. Damages
    4 Financial
    4 Reputation
    4 Leadership Change
    http://bit.ly/2tTOeu1 10

    View Slide

  11. Mitigation Approach
    http://bit.ly/2tTOeu1 11

    View Slide

  12. Prevention
    4 Segmentation
    4 Access control lists
    4 Training
    4 Testing
    4 Governance
    http://bit.ly/2tTOeu1 12

    View Slide

  13. Detection
    4 Scanning
    4 Intrusion detection systems
    4 File integrity monitoring
    4 Antivirus
    http://bit.ly/2tTOeu1 13

    View Slide

  14. Response
    4 Incident response plans
    4 Security operations center
    4 Digital forensics
    4 Active mitigtaion
    http://bit.ly/2tTOeu1 14

    View Slide

  15. Case Studies
    http://bit.ly/2tTOeu1 15

    View Slide

  16. Denial of Service
    http://bit.ly/2tTOeu1 16

    View Slide

  17. http://bit.ly/2tTOeu1 17

    View Slide

  18. http://bit.ly/2tTOeu1 18

    View Slide

  19. Tips
    4 Evaluate the risk
    4 Maybe have a plan for dealing with a DDoS attack
    http://bit.ly/2tTOeu1 19

    View Slide

  20. Password Reuse
    http://bit.ly/2tTOeu1 20

    View Slide

  21. http://bit.ly/2tTOeu1 21

    View Slide

  22. http://bit.ly/2tTOeu1 22

    View Slide

  23. Tips
    4 Use a password manager
    4 Enable two-factor authentication everywhere
    4 Resources
    4 https://haveibeenpwned.com
    4 https://opensource.com/article/17/2/password-
    management
    http://bit.ly/2tTOeu1 23

    View Slide

  24. Software Patching
    http://bit.ly/2tTOeu1 24

    View Slide

  25. http://bit.ly/2tTOeu1 25

    View Slide

  26. http://bit.ly/2tTOeu1 26

    View Slide

  27. Tips
    4 Turn on automatic updates
    4 Don't dismiss or ignore updates
    4 Keep all devices up to date
    4 Help out those who aren't as security savvy
    http://bit.ly/2tTOeu1 27

    View Slide

  28. Software Bug
    http://bit.ly/2tTOeu1 28

    View Slide

  29. http://bit.ly/2tTOeu1 29

    View Slide

  30. Tips
    4 OWASP - https://www.owasp.org
    4 WebGoat - https://github.com/WebGoat/WebGoat
    4 Hacksplaining - https://www.hacksplaining.com
    http://bit.ly/2tTOeu1 30

    View Slide

  31. Workshop
    4 Verizon Data Breach Report - http://vz.to/2qihidi
    4 Hacksplaining - https://www.hacksplaining.com
    4 WebGoat - https://github.com/WebGoat/WebGoat
    4 flAWS - http://flaws.cloud
    http://bit.ly/2tTOeu1 31

    View Slide

  32. Image Credits
    4 https://flic.kr/p/bov2cY
    4 https://flic.kr/p/aoSXLS
    4 https://flic.kr/p/npSVNU
    4 https://en.wikipedia.org/wiki/Information_security
    4 https://en.wikipedia.org/wiki/PAVE_PAWS
    http://bit.ly/2tTOeu1 32

    View Slide