Intro to Cybersecurity Workshop

Slide 1

Slide 1 text

Intro to Cybersecurity John Downey | @jtdowney http://bit.ly/2tTOeu1 1

Slide 2

Slide 2 text

Intro to Cybersecurity Information Security John Downey | @jtdowney http://bit.ly/2tTOeu1 2

Slide 3

Slide 3 text

whoami 4 John Downey 4 Security Lead at Braintree 4 All self taught 4 No certifications http://bit.ly/2tTOeu1 3

Slide 4

Slide 4 text

Managing Risk Risk = Liklihood × Impact http://bit.ly/2tTOeu1 4

Slide 5

Slide 5 text

Likelihood http://bit.ly/2tTOeu1 5

Slide 6

Slide 6 text

Threat Actors 4 Skill 4 Motive 4 Opportunity 4 Organization http://bit.ly/2tTOeu1 6

Slide 7

Slide 7 text

Vulnerability 4 Ease of discovery 4 Ease of exploitation 4 Awareness 4 Zero day http://bit.ly/2tTOeu1 7

Slide 8

Slide 8 text

Impact http://bit.ly/2tTOeu1 8

Slide 9

Slide 9 text

Technical Loss 4 Confidentiality 4 Integrity 4 Availability http://bit.ly/2tTOeu1 9

Slide 10

Slide 10 text

Damages 4 Financial 4 Reputation 4 Leadership Change http://bit.ly/2tTOeu1 10

Slide 11

Slide 11 text

Mitigation Approach http://bit.ly/2tTOeu1 11

Slide 12

Slide 12 text

Prevention 4 Segmentation 4 Access control lists 4 Training 4 Testing 4 Governance http://bit.ly/2tTOeu1 12

Slide 13

Slide 13 text

Detection 4 Scanning 4 Intrusion detection systems 4 File integrity monitoring 4 Antivirus http://bit.ly/2tTOeu1 13

Slide 14

Slide 14 text

Response 4 Incident response plans 4 Security operations center 4 Digital forensics 4 Active mitigtaion http://bit.ly/2tTOeu1 14

Slide 15

Slide 15 text

Case Studies http://bit.ly/2tTOeu1 15

Slide 16

Slide 16 text

Denial of Service http://bit.ly/2tTOeu1 16

Slide 17

Slide 17 text

http://bit.ly/2tTOeu1 17

Slide 18

Slide 18 text

http://bit.ly/2tTOeu1 18

Slide 19

Slide 19 text

Tips 4 Evaluate the risk 4 Maybe have a plan for dealing with a DDoS attack http://bit.ly/2tTOeu1 19

Slide 20

Slide 20 text

Password Reuse http://bit.ly/2tTOeu1 20

Slide 21

Slide 21 text

http://bit.ly/2tTOeu1 21

Slide 22

Slide 22 text

http://bit.ly/2tTOeu1 22

Slide 23

Slide 23 text

Tips 4 Use a password manager 4 Enable two-factor authentication everywhere 4 Resources 4 https://haveibeenpwned.com 4 https://opensource.com/article/17/2/password- management http://bit.ly/2tTOeu1 23

Slide 24

Slide 24 text

Software Patching http://bit.ly/2tTOeu1 24

Slide 25

Slide 25 text

http://bit.ly/2tTOeu1 25

Slide 26

Slide 26 text

http://bit.ly/2tTOeu1 26

Slide 27

Slide 27 text

Tips 4 Turn on automatic updates 4 Don't dismiss or ignore updates 4 Keep all devices up to date 4 Help out those who aren't as security savvy http://bit.ly/2tTOeu1 27

Slide 28

Slide 28 text

Software Bug http://bit.ly/2tTOeu1 28

Slide 29

Slide 29 text

http://bit.ly/2tTOeu1 29

Slide 30

Slide 30 text

Tips 4 OWASP - https://www.owasp.org 4 WebGoat - https://github.com/WebGoat/WebGoat 4 Hacksplaining - https://www.hacksplaining.com http://bit.ly/2tTOeu1 30

Slide 31

Slide 31 text

Workshop 4 Verizon Data Breach Report - http://vz.to/2qihidi 4 Hacksplaining - https://www.hacksplaining.com 4 WebGoat - https://github.com/WebGoat/WebGoat 4 flAWS - http://flaws.cloud http://bit.ly/2tTOeu1 31

Slide 32

Slide 32 text

Image Credits 4 https://flic.kr/p/bov2cY 4 https://flic.kr/p/aoSXLS 4 https://flic.kr/p/npSVNU 4 https://en.wikipedia.org/wiki/Information_security 4 https://en.wikipedia.org/wiki/PAVE_PAWS http://bit.ly/2tTOeu1 32