Intro to Cybersecurity
John Downey | @jtdowney
http://bit.ly/2tTOeu1

Intro to Cybersecurity
Information Security
John Downey | @jtdowney

whoami
- John Downey
- Security Lead at Braintree
- All self taught
- No certifications

Managing Risk
Risk = Likelihood × Impact

Likelihood

Threat Actors
- Skill
- Motive
- Opportunity
- Organization

Vulnerability
- Ease of discovery
- Ease of exploitation
- Awareness
- Zero day

Impact

Technical Loss
- Confidentiality
- Integrity
- Availability

Damages
- Financial
- Reputation
- Leadership Change

Mitigation Approach

Prevention
- Segmentation
- Access control lists
- Training
- Testing
- Governance

Detection
- Scanning
- Intrusion detection systems
- File integrity monitoring
- Antivirus

Response
- Incident response plans
- Security operations center
- Digital forensics
- Active mitigation

Case Studies

Denial of Service

Tips
- Evaluate the risk
- Maybe have a plan for dealing with a DDoS attack

Password Reuse

Tips
- Use a password manager
- Enable two-factor authentication everywhere
- Resources
  - https://haveibeenpwned.com
  - https://opensource.com/article/17/2/password-management

Software Patching

Tips
- Turn on automatic updates
- Don't dismiss or ignore updates
- Keep all devices up to date
- Help out those who aren't as security savvy

Software Bug

Tips
- OWASP - https://www.owasp.org
- WebGoat - https://github.com/WebGoat/WebGoat
- Hacksplaining - https://www.hacksplaining.com

Workshop
- Verizon Data Breach Report - http://vz.to/2qihidi
- Hacksplaining - https://www.hacksplaining.com
- WebGoat - https://github.com/WebGoat/WebGoat
- flAWS - http://flaws.cloud

Image Credits
- https://flic.kr/p/bov2cY
- https://flic.kr/p/aoSXLS
- https://flic.kr/p/npSVNU
- https://en.wikipedia.org/wiki/Information_security
- https://en.wikipedia.org/wiki/PAVE_PAWS