Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Intro to Cybersecurity Workshop

Avatar for John Downey John Downey
July 24, 2017
Technology
0
130

Intro to Cybersecurity Workshop

Avatar for John Downey

John Downey

July 24, 2017
Tweet

More Decks by John Downey

See All by John Downey
Cryptography Pitfalls at CactusCon 2019
Avatar for John Downey jtdowney
0
160
Cryptography Pitfalls at BsidesMSP 2017
Avatar for John Downey jtdowney
0
170
Cryptography Pitfalls at THOTCON 0x8
Avatar for John Downey jtdowney
0
170
Cryptography Pitfalls at ConFoo Montreal 2017
Avatar for John Downey jtdowney
1
350
Cryptography Pitfalls at BSidesPhilly 2016
Avatar for John Downey jtdowney
0
150
Cryptography Pitfalls at LASCON 2016
Avatar for John Downey jtdowney
0
200
Debugging TLS/SSL at DevOps Days Detroit 2016
Avatar for John Downey jtdowney
1
260
Debugging TLS/SSL at DevOpsDays Boston
Avatar for John Downey jtdowney
1
340
Cryptography Pitfalls at Abstractions
Avatar for John Downey jtdowney
0
100

Other Decks in Technology

See All in Technology
コンテキストエンジニアリング入門〜AI Coding Agent作りで学ぶ文脈設計〜
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
3
2k
やる気のない自分との向き合い方/How to Deal with Your Unmotivated Self
Avatar for Genki Sano sanogemaru
1
530
FinOps について (ちょっと) 本気出して考えてみた
Avatar for skmkzyk skmkzyk
0
170
これがLambdaレス時代のChatOpsだ!実例で学ぶAmazon Q Developerカスタムアクション活用法
Avatar for iwamot iwamot
PRO
8
1.1k
HR Force における DWH の併用事例 ~ サービス基盤としての BigQuery / 分析基盤としての Snowflake ~@Cross Data Platforms Meetup #2「BigQueryと愉快な仲間たち」
Avatar for Ryo Suzuki ryo_suzuki
0
240
Dylib Hijacking on macOS: Dead or Alive?
Avatar for Patrick Wardle patrickwardle
0
400
Introdução a Service Mesh usando o Istio
Avatar for Aecio Pires aeciopires
1
230
AWSでAgentic AIを開発するための前提知識の整理
Avatar for Kiminori Yokoi nasuvitz
2
220
Data Hubグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
2.2k
AIツールでどこまでデザインを忠実に実装できるのか
Avatar for Oikon oikon48
6
3.5k
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
Avatar for Sansan, Inc. sansan33
PRO
0
2.8k
業務効率化をさらに加速させる、ノーコードツールとStep Functionsのハイブリッド化
Avatar for Makky12 smt7174
2
150

Featured

See All Featured
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
9
920
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
690
BBQ
Avatar for Matthew Crist matthewcrist
89
9.8k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9k
A Tale of Four Properties
Avatar for Chris Coyier chriscoyier
161
23k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.5k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
11k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
285
14k
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
16
1.7k

Transcript

  1. Intro to Cybersecurity John Downey | @jtdowney http://bit.ly/2tTOeu1 1

  2. Intro to Cybersecurity Information Security John Downey | @jtdowney http://bit.ly/2tTOeu1

    2

  3. whoami 4 John Downey 4 Security Lead at Braintree 4

    All self taught 4 No certifications http://bit.ly/2tTOeu1 3

  4. Managing Risk Risk = Liklihood × Impact http://bit.ly/2tTOeu1 4

  5. Likelihood http://bit.ly/2tTOeu1 5

  6. Threat Actors 4 Skill 4 Motive 4 Opportunity 4 Organization

    http://bit.ly/2tTOeu1 6

  7. Vulnerability 4 Ease of discovery 4 Ease of exploitation 4

    Awareness 4 Zero day http://bit.ly/2tTOeu1 7

  8. Impact http://bit.ly/2tTOeu1 8

  9. Technical Loss 4 Confidentiality 4 Integrity 4 Availability http://bit.ly/2tTOeu1 9

  10. Damages 4 Financial 4 Reputation 4 Leadership Change http://bit.ly/2tTOeu1 10

  11. Mitigation Approach http://bit.ly/2tTOeu1 11

  12. Prevention 4 Segmentation 4 Access control lists 4 Training 4

    Testing 4 Governance http://bit.ly/2tTOeu1 12

  13. Detection 4 Scanning 4 Intrusion detection systems 4 File integrity

    monitoring 4 Antivirus http://bit.ly/2tTOeu1 13

  14. Response 4 Incident response plans 4 Security operations center 4

    Digital forensics 4 Active mitigtaion http://bit.ly/2tTOeu1 14

  15. Case Studies http://bit.ly/2tTOeu1 15

  16. Denial of Service http://bit.ly/2tTOeu1 16

  17. http://bit.ly/2tTOeu1 17

  18. http://bit.ly/2tTOeu1 18

  19. Tips 4 Evaluate the risk 4 Maybe have a plan

    for dealing with a DDoS attack http://bit.ly/2tTOeu1 19

  20. Password Reuse http://bit.ly/2tTOeu1 20

  21. http://bit.ly/2tTOeu1 21

  22. http://bit.ly/2tTOeu1 22

  23. Tips 4 Use a password manager 4 Enable two-factor authentication

    everywhere 4 Resources 4 https://haveibeenpwned.com 4 https://opensource.com/article/17/2/password- management http://bit.ly/2tTOeu1 23

  24. Software Patching http://bit.ly/2tTOeu1 24

  25. http://bit.ly/2tTOeu1 25

  26. http://bit.ly/2tTOeu1 26

  27. Tips 4 Turn on automatic updates 4 Don't dismiss or

    ignore updates 4 Keep all devices up to date 4 Help out those who aren't as security savvy http://bit.ly/2tTOeu1 27

  28. Software Bug http://bit.ly/2tTOeu1 28

  29. http://bit.ly/2tTOeu1 29

  30. Tips 4 OWASP - https://www.owasp.org 4 WebGoat - https://github.com/WebGoat/WebGoat 4

    Hacksplaining - https://www.hacksplaining.com http://bit.ly/2tTOeu1 30

  31. Workshop 4 Verizon Data Breach Report - http://vz.to/2qihidi 4 Hacksplaining

    - https://www.hacksplaining.com 4 WebGoat - https://github.com/WebGoat/WebGoat 4 flAWS - http://flaws.cloud http://bit.ly/2tTOeu1 31

  32. Image Credits 4 https://flic.kr/p/bov2cY 4 https://flic.kr/p/aoSXLS 4 https://flic.kr/p/npSVNU 4 https://en.wikipedia.org/wiki/Information_security

    4 https://en.wikipedia.org/wiki/PAVE_PAWS http://bit.ly/2tTOeu1 32