$30 off During Our Annual Pro Sale. View Details »

Intro to Cybersecurity Workshop

Intro to Cybersecurity Workshop

John Downey

July 24, 2017
Tweet

More Decks by John Downey

Other Decks in Technology

Transcript

  1. Intro to Cybersecurity
    John Downey | @jtdowney
    http://bit.ly/2tTOeu1 1

    View Slide

  2. Intro to Cybersecurity
    Information Security
    John Downey | @jtdowney
    http://bit.ly/2tTOeu1 2

    View Slide

  3. whoami
    4 John Downey
    4 Security Lead at Braintree
    4 All self taught
    4 No certifications
    http://bit.ly/2tTOeu1 3

    View Slide

  4. Managing Risk
    Risk = Liklihood × Impact
    http://bit.ly/2tTOeu1 4

    View Slide

  5. Likelihood
    http://bit.ly/2tTOeu1 5

    View Slide

  6. Threat Actors
    4 Skill
    4 Motive
    4 Opportunity
    4 Organization
    http://bit.ly/2tTOeu1 6

    View Slide

  7. Vulnerability
    4 Ease of discovery
    4 Ease of exploitation
    4 Awareness
    4 Zero day
    http://bit.ly/2tTOeu1 7

    View Slide

  8. Impact
    http://bit.ly/2tTOeu1 8

    View Slide

  9. Technical Loss
    4 Confidentiality
    4 Integrity
    4 Availability
    http://bit.ly/2tTOeu1 9

    View Slide

  10. Damages
    4 Financial
    4 Reputation
    4 Leadership Change
    http://bit.ly/2tTOeu1 10

    View Slide

  11. Mitigation Approach
    http://bit.ly/2tTOeu1 11

    View Slide

  12. Prevention
    4 Segmentation
    4 Access control lists
    4 Training
    4 Testing
    4 Governance
    http://bit.ly/2tTOeu1 12

    View Slide

  13. Detection
    4 Scanning
    4 Intrusion detection systems
    4 File integrity monitoring
    4 Antivirus
    http://bit.ly/2tTOeu1 13

    View Slide

  14. Response
    4 Incident response plans
    4 Security operations center
    4 Digital forensics
    4 Active mitigtaion
    http://bit.ly/2tTOeu1 14

    View Slide

  15. Case Studies
    http://bit.ly/2tTOeu1 15

    View Slide

  16. Denial of Service
    http://bit.ly/2tTOeu1 16

    View Slide

  17. http://bit.ly/2tTOeu1 17

    View Slide

  18. http://bit.ly/2tTOeu1 18

    View Slide

  19. Tips
    4 Evaluate the risk
    4 Maybe have a plan for dealing with a DDoS attack
    http://bit.ly/2tTOeu1 19

    View Slide

  20. Password Reuse
    http://bit.ly/2tTOeu1 20

    View Slide

  21. http://bit.ly/2tTOeu1 21

    View Slide

  22. http://bit.ly/2tTOeu1 22

    View Slide

  23. Tips
    4 Use a password manager
    4 Enable two-factor authentication everywhere
    4 Resources
    4 https://haveibeenpwned.com
    4 https://opensource.com/article/17/2/password-
    management
    http://bit.ly/2tTOeu1 23

    View Slide

  24. Software Patching
    http://bit.ly/2tTOeu1 24

    View Slide

  25. http://bit.ly/2tTOeu1 25

    View Slide

  26. http://bit.ly/2tTOeu1 26

    View Slide

  27. Tips
    4 Turn on automatic updates
    4 Don't dismiss or ignore updates
    4 Keep all devices up to date
    4 Help out those who aren't as security savvy
    http://bit.ly/2tTOeu1 27

    View Slide

  28. Software Bug
    http://bit.ly/2tTOeu1 28

    View Slide

  29. http://bit.ly/2tTOeu1 29

    View Slide

  30. Tips
    4 OWASP - https://www.owasp.org
    4 WebGoat - https://github.com/WebGoat/WebGoat
    4 Hacksplaining - https://www.hacksplaining.com
    http://bit.ly/2tTOeu1 30

    View Slide

  31. Workshop
    4 Verizon Data Breach Report - http://vz.to/2qihidi
    4 Hacksplaining - https://www.hacksplaining.com
    4 WebGoat - https://github.com/WebGoat/WebGoat
    4 flAWS - http://flaws.cloud
    http://bit.ly/2tTOeu1 31

    View Slide

  32. Image Credits
    4 https://flic.kr/p/bov2cY
    4 https://flic.kr/p/aoSXLS
    4 https://flic.kr/p/npSVNU
    4 https://en.wikipedia.org/wiki/Information_security
    4 https://en.wikipedia.org/wiki/PAVE_PAWS
    http://bit.ly/2tTOeu1 32

    View Slide