$30 off During Our Annual Pro Sale. View Details »

Intro to Cybersecurity Workshop

John Downey
July 24, 2017
Technology
0
110

Intro to Cybersecurity Workshop

John Downey

July 24, 2017
Tweet

More Decks by John Downey

See All by John Downey
Cryptography Pitfalls at CactusCon 2019
jtdowney
0
100
Cryptography Pitfalls at BsidesMSP 2017
jtdowney
0
130
Cryptography Pitfalls at THOTCON 0x8
jtdowney
0
150
Cryptography Pitfalls at ConFoo Montreal 2017
jtdowney
1
280
Cryptography Pitfalls at BSidesPhilly 2016
jtdowney
0
92
Cryptography Pitfalls at LASCON 2016
jtdowney
0
150
Debugging TLS/SSL at DevOps Days Detroit 2016
jtdowney
1
190
Debugging TLS/SSL at DevOpsDays Boston
jtdowney
1
280
Cryptography Pitfalls at Abstractions
jtdowney
0
81

Other Decks in Technology

See All in Technology
LLMを活用した爆速アウトプットのすゝめ / bakusoku-outputs-with-llm
yuya4
8
3.8k
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
2
3.9k
機械学習システム構築実践ガイド
shibuiwilliam
0
270
論文紹介: Improving Implicit Feedback-Based Recommendation through Multi-Behavior Alignment(Xin Xin et al., 2023)
hakubishin3
0
170
DMMオンラインサロン エンジニア採用資料/ for-software-engineers
onlinesalon
0
3.6k
ROSCon 2023参加報告:Real-Time Workshop & Zenoh's Current Status and Forecast
takasehideki
1
210
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
1.2k
【Python東海#44】Pydroid3で画像処理
kazuhitotakahashi
0
210
dbt Coreとdbt-athenaによるAWS上のdbt環境構築ナレッジ
nayuts
0
110
EventStormingとRDRA2.0で大規模レガシーシステムのフルリニューアルPJに挑む
leveragestech
0
1.1k
コロプラ_SRE_LCE_ゲームバックエンド_性能との戦い
colopl
0
130
お客様、そこは秘孔です!突かないでください! HTTP/2 Rapid reset の概要と対策
murachiakira
0
150

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
239
1.2M
ReactJS: Keep Simple. Everything can be a component!
pedronauck
656
120k
How to name files
jennybc
59
87k
Debugging Ruby Performance
tmm1
68
11k
Infographics Made Easy
chrislema
236
17k
Fireside Chat
paigeccino
18
2.3k
Fantastic passwords and where to find them - at NoRuKo
philnash
34
2.2k
Designing for Performance
lara
601
66k
The Language of Interfaces
destraynor
149
22k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4k
Build your cross-platform service in a week with App Engine
jlugia
223
17k
Adopting Sorbet at Scale
ufuk
66
8.2k

Transcript

  1. Intro to Cybersecurity
    John Downey | @jtdowney
    http://bit.ly/2tTOeu1 1

    View Slide

  2. Intro to Cybersecurity
    Information Security
    John Downey | @jtdowney
    http://bit.ly/2tTOeu1 2

    View Slide

  3. whoami
    4 John Downey
    4 Security Lead at Braintree
    4 All self taught
    4 No certifications
    http://bit.ly/2tTOeu1 3

    View Slide

  4. Managing Risk
    Risk = Liklihood × Impact
    http://bit.ly/2tTOeu1 4

    View Slide

  5. Likelihood
    http://bit.ly/2tTOeu1 5

    View Slide

  6. Threat Actors
    4 Skill
    4 Motive
    4 Opportunity
    4 Organization
    http://bit.ly/2tTOeu1 6

    View Slide

  7. Vulnerability
    4 Ease of discovery
    4 Ease of exploitation
    4 Awareness
    4 Zero day
    http://bit.ly/2tTOeu1 7

    View Slide

  8. Impact
    http://bit.ly/2tTOeu1 8

    View Slide

  9. Technical Loss
    4 Confidentiality
    4 Integrity
    4 Availability
    http://bit.ly/2tTOeu1 9

    View Slide

  10. Damages
    4 Financial
    4 Reputation
    4 Leadership Change
    http://bit.ly/2tTOeu1 10

    View Slide

  11. Mitigation Approach
    http://bit.ly/2tTOeu1 11

    View Slide

  12. Prevention
    4 Segmentation
    4 Access control lists
    4 Training
    4 Testing
    4 Governance
    http://bit.ly/2tTOeu1 12

    View Slide

  13. Detection
    4 Scanning
    4 Intrusion detection systems
    4 File integrity monitoring
    4 Antivirus
    http://bit.ly/2tTOeu1 13

    View Slide

  14. Response
    4 Incident response plans
    4 Security operations center
    4 Digital forensics
    4 Active mitigtaion
    http://bit.ly/2tTOeu1 14

    View Slide

  15. Case Studies
    http://bit.ly/2tTOeu1 15

    View Slide

  16. Denial of Service
    http://bit.ly/2tTOeu1 16

    View Slide

  17. http://bit.ly/2tTOeu1 17

    View Slide

  18. http://bit.ly/2tTOeu1 18

    View Slide

  19. Tips
    4 Evaluate the risk
    4 Maybe have a plan for dealing with a DDoS attack
    http://bit.ly/2tTOeu1 19

    View Slide

  20. Password Reuse
    http://bit.ly/2tTOeu1 20

    View Slide

  21. http://bit.ly/2tTOeu1 21

    View Slide

  22. http://bit.ly/2tTOeu1 22

    View Slide

  23. Tips
    4 Use a password manager
    4 Enable two-factor authentication everywhere
    4 Resources
    4 https://haveibeenpwned.com
    4 https://opensource.com/article/17/2/password-
    management
    http://bit.ly/2tTOeu1 23

    View Slide

  24. Software Patching
    http://bit.ly/2tTOeu1 24

    View Slide

  25. http://bit.ly/2tTOeu1 25

    View Slide

  26. http://bit.ly/2tTOeu1 26

    View Slide

  27. Tips
    4 Turn on automatic updates
    4 Don't dismiss or ignore updates
    4 Keep all devices up to date
    4 Help out those who aren't as security savvy
    http://bit.ly/2tTOeu1 27

    View Slide

  28. Software Bug
    http://bit.ly/2tTOeu1 28

    View Slide

  29. http://bit.ly/2tTOeu1 29

    View Slide

  30. Tips
    4 OWASP - https://www.owasp.org
    4 WebGoat - https://github.com/WebGoat/WebGoat
    4 Hacksplaining - https://www.hacksplaining.com
    http://bit.ly/2tTOeu1 30

    View Slide

  31. Workshop
    4 Verizon Data Breach Report - http://vz.to/2qihidi
    4 Hacksplaining - https://www.hacksplaining.com
    4 WebGoat - https://github.com/WebGoat/WebGoat
    4 flAWS - http://flaws.cloud
    http://bit.ly/2tTOeu1 31

    View Slide

  32. Image Credits
    4 https://flic.kr/p/bov2cY
    4 https://flic.kr/p/aoSXLS
    4 https://flic.kr/p/npSVNU
    4 https://en.wikipedia.org/wiki/Information_security
    4 https://en.wikipedia.org/wiki/PAVE_PAWS
    http://bit.ly/2tTOeu1 32

    View Slide