Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Intro to Cybersecurity Workshop

Avatar for John Downey John Downey
July 24, 2017
Technology
150
0

Intro to Cybersecurity Workshop

Avatar for John Downey

John Downey

July 24, 2017

More Decks by John Downey

See All by John Downey
Cryptography Pitfalls at CactusCon 2019
Avatar for John Downey jtdowney
0
200
Cryptography Pitfalls at BsidesMSP 2017
Avatar for John Downey jtdowney
0
200
Cryptography Pitfalls at THOTCON 0x8
Avatar for John Downey jtdowney
0
210
Cryptography Pitfalls at ConFoo Montreal 2017
Avatar for John Downey jtdowney
1
370
Cryptography Pitfalls at BSidesPhilly 2016
Avatar for John Downey jtdowney
0
170
Cryptography Pitfalls at LASCON 2016
Avatar for John Downey jtdowney
0
220
Debugging TLS/SSL at DevOps Days Detroit 2016
Avatar for John Downey jtdowney
1
290
Debugging TLS/SSL at DevOpsDays Boston
Avatar for John Downey jtdowney
1
370
Cryptography Pitfalls at Abstractions
Avatar for John Downey jtdowney
0
130

Other Decks in Technology

See All in Technology
小さいVue.jsを30分で作る
Avatar for Hal hal_spidernight
0
140
小説執筆のハーネスエンジニアリング
Avatar for osushi_cr yoshitetsu
0
910
エージェントスキルを作って自分のインプットに役立てよう
Avatar for Yuta Matsumura tsubakimoto_s
0
540
Scovilleモバイルエンジニア募集中.pdf
Avatar for Julien Rudin julienrudin
0
150
コードや知識を組み込む / Incorporate Code and Knowledge
Avatar for Kenji Saito ks91
PRO
0
210
サービスの信頼性を高めるため、形骸化した「プロダクションミーティング」を立て直すまでの取り組み
Avatar for すてにゃん stefafafan
1
230
多角的な視点から見たAGI
Avatar for Terisuke terisuke
0
120
新卒エンジニア研修、ハンズオンの設計における課題と実践知/ #tachikawaany
Avatar for Ichiro Nishiuma nishiuma
2
110
もっとコンテンツをよく構造化して理解したいので、LLM 時代こそ Taxonomy の設計品質に目を向けたい〜!
Avatar for MasatoMasaMasa morinota
0
170
20260513_生成AIを専属DSに_AI分析結果の検品テクニック_ハンズオン_交通事故データ
Avatar for NobuakiOshiro doradora09
PRO
0
170
エージェント時代の UIとAPI、CLI戦略
Avatar for coincheck coincheck_recruit
0
130
ブラウザの投機的読み込みと投機ルールAPIを理解し、Webサービスのパフォーマンスを最適化する
Avatar for did0es shuta13
3
270

Featured

See All Featured
My Coaching Mixtape
Avatar for mlcsv mlcsv
0
120
Technical Leadership for Architectural Decision Making
Avatar for Kenny Baas-Schwegler baasie
3
350
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
174
15k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
211
24k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
37
7.2k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
274
21k
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
1
910
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
59
6.5k
Un-Boring Meetings
Avatar for Sebastian Deterding codingconduct
0
280
Fireside Chat
Avatar for paigeccino paigeccino
42
3.9k
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
110
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
4.2k

Transcript

  1. Intro to Cybersecurity John Downey | @jtdowney http://bit.ly/2tTOeu1 1

  2. Intro to Cybersecurity Information Security John Downey | @jtdowney http://bit.ly/2tTOeu1

    2

  3. whoami 4 John Downey 4 Security Lead at Braintree 4

    All self taught 4 No certifications http://bit.ly/2tTOeu1 3

  4. Managing Risk Risk = Liklihood × Impact http://bit.ly/2tTOeu1 4

  5. Likelihood http://bit.ly/2tTOeu1 5

  6. Threat Actors 4 Skill 4 Motive 4 Opportunity 4 Organization

    http://bit.ly/2tTOeu1 6

  7. Vulnerability 4 Ease of discovery 4 Ease of exploitation 4

    Awareness 4 Zero day http://bit.ly/2tTOeu1 7

  8. Impact http://bit.ly/2tTOeu1 8

  9. Technical Loss 4 Confidentiality 4 Integrity 4 Availability http://bit.ly/2tTOeu1 9

  10. Damages 4 Financial 4 Reputation 4 Leadership Change http://bit.ly/2tTOeu1 10

  11. Mitigation Approach http://bit.ly/2tTOeu1 11

  12. Prevention 4 Segmentation 4 Access control lists 4 Training 4

    Testing 4 Governance http://bit.ly/2tTOeu1 12

  13. Detection 4 Scanning 4 Intrusion detection systems 4 File integrity

    monitoring 4 Antivirus http://bit.ly/2tTOeu1 13

  14. Response 4 Incident response plans 4 Security operations center 4

    Digital forensics 4 Active mitigtaion http://bit.ly/2tTOeu1 14

  15. Case Studies http://bit.ly/2tTOeu1 15

  16. Denial of Service http://bit.ly/2tTOeu1 16

  17. http://bit.ly/2tTOeu1 17

  18. http://bit.ly/2tTOeu1 18

  19. Tips 4 Evaluate the risk 4 Maybe have a plan

    for dealing with a DDoS attack http://bit.ly/2tTOeu1 19

  20. Password Reuse http://bit.ly/2tTOeu1 20

  21. http://bit.ly/2tTOeu1 21

  22. http://bit.ly/2tTOeu1 22

  23. Tips 4 Use a password manager 4 Enable two-factor authentication

    everywhere 4 Resources 4 https://haveibeenpwned.com 4 https://opensource.com/article/17/2/password- management http://bit.ly/2tTOeu1 23

  24. Software Patching http://bit.ly/2tTOeu1 24

  25. http://bit.ly/2tTOeu1 25

  26. http://bit.ly/2tTOeu1 26

  27. Tips 4 Turn on automatic updates 4 Don't dismiss or

    ignore updates 4 Keep all devices up to date 4 Help out those who aren't as security savvy http://bit.ly/2tTOeu1 27

  28. Software Bug http://bit.ly/2tTOeu1 28

  29. http://bit.ly/2tTOeu1 29

  30. Tips 4 OWASP - https://www.owasp.org 4 WebGoat - https://github.com/WebGoat/WebGoat 4

    Hacksplaining - https://www.hacksplaining.com http://bit.ly/2tTOeu1 30

  31. Workshop 4 Verizon Data Breach Report - http://vz.to/2qihidi 4 Hacksplaining

    - https://www.hacksplaining.com 4 WebGoat - https://github.com/WebGoat/WebGoat 4 flAWS - http://flaws.cloud http://bit.ly/2tTOeu1 31

  32. Image Credits 4 https://flic.kr/p/bov2cY 4 https://flic.kr/p/aoSXLS 4 https://flic.kr/p/npSVNU 4 https://en.wikipedia.org/wiki/Information_security

    4 https://en.wikipedia.org/wiki/PAVE_PAWS http://bit.ly/2tTOeu1 32