Intro to Cybersecurity Workshop

Transcript

1. Intro to Cybersecurity John Downey | @jtdowney http://bit.ly/2tTOeu1 1

2. Intro to Cybersecurity Information Security John Downey | @jtdowney http://bit.ly/2tTOeu1

   2

3. whoami 4 John Downey 4 Security Lead at Braintree 4

   All self taught 4 No certifications http://bit.ly/2tTOeu1 3

4. Managing Risk Risk = Liklihood × Impact http://bit.ly/2tTOeu1 4

5. Likelihood http://bit.ly/2tTOeu1 5

6. Threat Actors 4 Skill 4 Motive 4 Opportunity 4 Organization

   http://bit.ly/2tTOeu1 6

7. Vulnerability 4 Ease of discovery 4 Ease of exploitation 4

   Awareness 4 Zero day http://bit.ly/2tTOeu1 7

8. Impact http://bit.ly/2tTOeu1 8

9. Technical Loss 4 Confidentiality 4 Integrity 4 Availability http://bit.ly/2tTOeu1 9

10. Damages 4 Financial 4 Reputation 4 Leadership Change http://bit.ly/2tTOeu1 10

11. Mitigation Approach http://bit.ly/2tTOeu1 11

12. Prevention 4 Segmentation 4 Access control lists 4 Training 4

    Testing 4 Governance http://bit.ly/2tTOeu1 12

13. Detection 4 Scanning 4 Intrusion detection systems 4 File integrity

    monitoring 4 Antivirus http://bit.ly/2tTOeu1 13

14. Response 4 Incident response plans 4 Security operations center 4

    Digital forensics 4 Active mitigtaion http://bit.ly/2tTOeu1 14

15. Case Studies http://bit.ly/2tTOeu1 15

16. Denial of Service http://bit.ly/2tTOeu1 16

17. http://bit.ly/2tTOeu1 17

18. http://bit.ly/2tTOeu1 18

19. Tips 4 Evaluate the risk 4 Maybe have a plan

    for dealing with a DDoS attack http://bit.ly/2tTOeu1 19

20. Password Reuse http://bit.ly/2tTOeu1 20

21. http://bit.ly/2tTOeu1 21

22. http://bit.ly/2tTOeu1 22

23. Tips 4 Use a password manager 4 Enable two-factor authentication

    everywhere 4 Resources 4 https://haveibeenpwned.com 4 https://opensource.com/article/17/2/password- management http://bit.ly/2tTOeu1 23

24. Software Patching http://bit.ly/2tTOeu1 24

25. http://bit.ly/2tTOeu1 25

26. http://bit.ly/2tTOeu1 26

27. Tips 4 Turn on automatic updates 4 Don't dismiss or

    ignore updates 4 Keep all devices up to date 4 Help out those who aren't as security savvy http://bit.ly/2tTOeu1 27

28. Software Bug http://bit.ly/2tTOeu1 28

29. http://bit.ly/2tTOeu1 29

30. Tips 4 OWASP - https://www.owasp.org 4 WebGoat - https://github.com/WebGoat/WebGoat 4

    Hacksplaining - https://www.hacksplaining.com http://bit.ly/2tTOeu1 30

31. Workshop 4 Verizon Data Breach Report - http://vz.to/2qihidi 4 Hacksplaining

    - https://www.hacksplaining.com 4 WebGoat - https://github.com/WebGoat/WebGoat 4 flAWS - http://flaws.cloud http://bit.ly/2tTOeu1 31

32. Image Credits 4 https://flic.kr/p/bov2cY 4 https://flic.kr/p/aoSXLS 4 https://flic.kr/p/npSVNU 4 https://en.wikipedia.org/wiki/Information_security

    4 https://en.wikipedia.org/wiki/PAVE_PAWS http://bit.ly/2tTOeu1 32