Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Intro to Cybersecurity Workshop

Avatar for John Downey John Downey
July 24, 2017
Technology
0
120

Intro to Cybersecurity Workshop

Avatar for John Downey

John Downey

July 24, 2017
Tweet

More Decks by John Downey

See All by John Downey
Cryptography Pitfalls at CactusCon 2019
Avatar for John Downey jtdowney
0
160
Cryptography Pitfalls at BsidesMSP 2017
Avatar for John Downey jtdowney
0
170
Cryptography Pitfalls at THOTCON 0x8
Avatar for John Downey jtdowney
0
170
Cryptography Pitfalls at ConFoo Montreal 2017
Avatar for John Downey jtdowney
1
340
Cryptography Pitfalls at BSidesPhilly 2016
Avatar for John Downey jtdowney
0
150
Cryptography Pitfalls at LASCON 2016
Avatar for John Downey jtdowney
0
200
Debugging TLS/SSL at DevOps Days Detroit 2016
Avatar for John Downey jtdowney
1
250
Debugging TLS/SSL at DevOpsDays Boston
Avatar for John Downey jtdowney
1
340
Cryptography Pitfalls at Abstractions
Avatar for John Downey jtdowney
0
99

Other Decks in Technology

See All in Technology
How to Quickly Call American Airlines®️ U.S. Customer Care : Full Guide
Avatar for goldfinch3710 flyaahelpguide
0
240
PHPからはじめるコンピュータアーキテクチャ / From Scripts to Silicon: A Journey Through the Layers of Computing
Avatar for HASEGAWA Tomoki tomzoh
2
120
ClaudeCode_vs_GeminiCLI_Terraformで比較してみた
Avatar for t-kikuchi tkikuchi
1
1k
AWS CDK 入門ガイド これだけは知っておきたいヒント集
Avatar for Anan Kikuchi anank
5
750
All About Sansan – for New Global Engineers
Avatar for Sansan, Inc. sansan33
PRO
1
1.2k
Delegating the chores of authenticating users to Keycloak
Avatar for Alexander Schwartz ahus1
0
190
推し書籍📚 / Books and a QA Engineer
Avatar for akihisa1210 ak1210
0
140
セキュアなAI活用のためのLiteLLMの可能性
Avatar for Hiroki Takatsuka tk3fftk
1
330
“日本一のM&A企業”を支える、少人数SREの効率化戦略 / SRE NEXT 2025
Avatar for GENDA genda
1
270
名刺メーカーDevグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
820
〜『世界中の家族のこころのインフラ』を目指して”次の10年”へ〜 SREが導いたグローバルサービスの信頼性向上戦略とその舞台裏 / Towards the Next Decade: Enhancing Global Service Reliability
Avatar for kohbis kohbis
3
1.5k
大量配信システムにおけるSLOの実践:「見えない」信頼性をSLOで可視化
Avatar for PLAID Tech plaidtech
PRO
0
390

Featured

See All Featured
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
1
450
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
31
1.3k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
3.1k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
328
39k
Side Projects
Avatar for Sacha Greif sachag
455
42k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
126
53k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
40
1.9k
Faster Mobile Websites
Avatar for Dean Hume deanohume
308
31k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
271
27k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
613
210k

Transcript

  1. Intro to Cybersecurity John Downey | @jtdowney http://bit.ly/2tTOeu1 1

  2. Intro to Cybersecurity Information Security John Downey | @jtdowney http://bit.ly/2tTOeu1

    2

  3. whoami 4 John Downey 4 Security Lead at Braintree 4

    All self taught 4 No certifications http://bit.ly/2tTOeu1 3

  4. Managing Risk Risk = Liklihood × Impact http://bit.ly/2tTOeu1 4

  5. Likelihood http://bit.ly/2tTOeu1 5

  6. Threat Actors 4 Skill 4 Motive 4 Opportunity 4 Organization

    http://bit.ly/2tTOeu1 6

  7. Vulnerability 4 Ease of discovery 4 Ease of exploitation 4

    Awareness 4 Zero day http://bit.ly/2tTOeu1 7

  8. Impact http://bit.ly/2tTOeu1 8

  9. Technical Loss 4 Confidentiality 4 Integrity 4 Availability http://bit.ly/2tTOeu1 9

  10. Damages 4 Financial 4 Reputation 4 Leadership Change http://bit.ly/2tTOeu1 10

  11. Mitigation Approach http://bit.ly/2tTOeu1 11

  12. Prevention 4 Segmentation 4 Access control lists 4 Training 4

    Testing 4 Governance http://bit.ly/2tTOeu1 12

  13. Detection 4 Scanning 4 Intrusion detection systems 4 File integrity

    monitoring 4 Antivirus http://bit.ly/2tTOeu1 13

  14. Response 4 Incident response plans 4 Security operations center 4

    Digital forensics 4 Active mitigtaion http://bit.ly/2tTOeu1 14

  15. Case Studies http://bit.ly/2tTOeu1 15

  16. Denial of Service http://bit.ly/2tTOeu1 16

  17. http://bit.ly/2tTOeu1 17

  18. http://bit.ly/2tTOeu1 18

  19. Tips 4 Evaluate the risk 4 Maybe have a plan

    for dealing with a DDoS attack http://bit.ly/2tTOeu1 19

  20. Password Reuse http://bit.ly/2tTOeu1 20

  21. http://bit.ly/2tTOeu1 21

  22. http://bit.ly/2tTOeu1 22

  23. Tips 4 Use a password manager 4 Enable two-factor authentication

    everywhere 4 Resources 4 https://haveibeenpwned.com 4 https://opensource.com/article/17/2/password- management http://bit.ly/2tTOeu1 23

  24. Software Patching http://bit.ly/2tTOeu1 24

  25. http://bit.ly/2tTOeu1 25

  26. http://bit.ly/2tTOeu1 26

  27. Tips 4 Turn on automatic updates 4 Don't dismiss or

    ignore updates 4 Keep all devices up to date 4 Help out those who aren't as security savvy http://bit.ly/2tTOeu1 27

  28. Software Bug http://bit.ly/2tTOeu1 28

  29. http://bit.ly/2tTOeu1 29

  30. Tips 4 OWASP - https://www.owasp.org 4 WebGoat - https://github.com/WebGoat/WebGoat 4

    Hacksplaining - https://www.hacksplaining.com http://bit.ly/2tTOeu1 30

  31. Workshop 4 Verizon Data Breach Report - http://vz.to/2qihidi 4 Hacksplaining

    - https://www.hacksplaining.com 4 WebGoat - https://github.com/WebGoat/WebGoat 4 flAWS - http://flaws.cloud http://bit.ly/2tTOeu1 31

  32. Image Credits 4 https://flic.kr/p/bov2cY 4 https://flic.kr/p/aoSXLS 4 https://flic.kr/p/npSVNU 4 https://en.wikipedia.org/wiki/Information_security

    4 https://en.wikipedia.org/wiki/PAVE_PAWS http://bit.ly/2tTOeu1 32