
Dinesh O Bareja

October 07, 2012

Exciting domain
Hacking is the key word!
Attracts everyone with the lure of power to go where no one else can
Dynamic subject, keeps changing
Leaves you behind if you sleep!
Means different things to different people

Prospects Career Certifications Essentials The Future

Information Management & Security Professional in continuous learning mode !

Advisor: CDRC, Jharkhand Police
Founder: Indian Honeynet Project
Working under the banner of Open Security Alliance offering specialist data security services and solutions
And... Wannabe Photographer!

Listings of certifications, professional choices, subject areas are indicative so do not limit your thought process!
Other stuff like questions, phones, errors

We know we are in a good domain so this is just to set the context


Way back in 2010 an analyst firm said this is the smartest place to be in

with apologies to cartoonstock.com

Whether you are carrying out an audit or a vulnerability assessment you can be sure something exciting will happen
Or you will just be astonished by the silly mistakes and oversight of people
However, let's check what you need to get started

Audit and Assurance: GRC, ISMS, PCI, ITAM
Technical Assessment: Ethical Hacking, AppSec
Technology Specialists: Cloud, Mobile, Malware
Architect: Enterprise, National, Data Center
Product / Technology Specialists: DLP, SIEM
Process Specialists: Change, Incident
Law: Cyber Law, IPR, Privacy
Law enforcement: Forensics, IB, Cyber Cell
Evangelist & Manager: CISO,

Audit Risk Management Process Specialist Management Incident Response BCP / DR Fraud IDAM

Network Infrastructure Forensics Data Centers Malware & Exploit Law enforcement Social Engineering Cloud Security Ethical Hacking

Entry Level

Network Security Engineer/Administrator
End point security consultant
Security Operations Center Analyst L1
Security Compliance Analyst

Intermediate Level

Forensic Analyst
Incident Responder L2
Malware Analyst
Security Analyst
Application Penetration Tester
Senior Security Operations Center Analyst L2
Technical Director and Deputy CISO
Intrusion Analyst L1
Vulnerability Researcher / Exploit Developer
Security Auditor
SOC Manager
Enterprise Penetration Tester
Vulnerability / Risk Manager
Compliance Assurance / Governance Officer

Expert Level

Security Architect L3/L4
Computer Crime Investigator
CISO/ISO or Director of Security
Prosecutor Specializing in Information Security Crime
Senior Intrusion Analyst L3/L4
Disaster Recovery/Business Continuity Analyst/Manager
Operating Center Delivery Manager
Information Security Crime Investigator / Forensics Expert
Infrastructure Security Assessor
Enterprise Security Trainer
SOC Architect

#1 Information Security Crime Investigator/Forensics Expert
#2 System, Network, and/or Web Penetration Tester
#3 Forensic Analyst
#4 Incident Responder
#5 Security Architect
#6 Malware Analyst
#7 Network Security Engineer
#8 Security Analyst
#9 Computer Crime Investigator
#10 CISO/ISO or Director of Security
#11 Application Penetration Tester
#12 Security Operations Center Analyst
#13 Prosecutor Specializing in Information Security Crime
#14 Technical Director and Deputy CISO
#15 Intrusion Analyst
#16 Vulnerability Researcher / Exploit Developer
#17 Security Auditor
#18 Security-savvy Software Developer
#19 Security Maven in an Application Developer Organization
#20 Disaster Recovery/Business Continuity Analyst/Manager


Your years of learning are the foundation on which you will build your professional life
Embellish your degrees and learning with professional certifications
Every great picture needs a nice photo frame. Take your time to select with care!

International Standard for Information Security (ISC)2
Certified Information Systems Security Professional (CISSP)
Systems Security Certified Practitioner (SSCP)
Certified Authorization Professional (CAP)
Certified Secure Software Lifecycle Professional (CSSLP)

EC-Council
Certified Ethical Hacker (C|EH)
Computer Hacking Forensic Investigator (C|HFI)
EC-Council Certified Security Analyst (E|CSA)
Licensed Penetration Tester (LPT)
EC-Council Network Security Administrator (E|NSA)
EC-Council Certified Incident Handler (E|CIH)
Certified Disaster Recovery Professional (CDRP)
Certified Chief Information Security Officer (C|CISO)
Certified Secure Computer User (C|CSCU)

Global Information Assurance Certification (GIAC)
GIAC Security Essentials
GIAC Certified Incident Handler
GIAC Certified Intrusion Analyst
GIAC Penetration Tester
GIAC Certified Forensic Analyst
GIAC Reverse Engineering Malware
GIAC Certified Forensic Examiner
GIAC Security Leadership
GIAC Information Security Professional
GIAC Certified ISO-27000 Specialist
GIAC Certified Project Manager
GIAC Systems and Network Auditor

ISACA
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Risk Control (CRISC)

As you step into the big world equip yourself with these traits to ensure your success
Never underestimate anyone and never overestimate yourself
Polish your essential toolbox continuously... and if I have forgotten something please share!

Work / job / skill ready candidate who can hit the ground running from day 1
Walks, talks, and looks good
Team player, leadership qualities, good presentation skills, ability to work under pressure ;)
Local experience
Great project work

From The Silent Movie Mel Brooks, 1976

A League of Extraordinary Gentlemen and Ladies

Ethics, honesty, integrity
Good Old Common Sense
Remember Value Education / Moral Science
Analytical Mindset
Think global, act local
Keep the big picture in mind
Look good, feel good, give good vibes, smell good, talk good

Business and Data is king, everything else is secondary
Understand business management
Finance
Interpersonal relations, communication, negotiation, problem solving
Leadership
Technology

Read, read and read articles, newspapers
Networking
Learn a language
Respect and stay within the law
Be the go-to person
Help and mentor
Learn from everyone and everything and update yourself continuously

Each year, NACE asks employers to rate the importance of a variety of skills and abilities. Communication generally comes out on top, but some other qualities can be equally important to employers. This year, employers cite teamwork ability, interpersonal and problem-solving skills, and initiative as key qualities. In addition to specific skills, employers want well-rounded candidates who can work well with others and function effectively in the workplace.

A passion for the subject of security and a demonstrable capacity for lateral thinking are good indicators of suitability, too. And increasingly, security leaders should also be looking for candidates who take an active interest in the world outside the IT department, and in particular, the business world. "I like to know if they read the Financial Times or the Harvard Business Review. I want to know that they're regularly engaging in business conversations with business people," he says.

Passion. Dorey: You can always see the 'spark' in people who are truly passionate about information security. If they express an interest, but there's no spark, then you need to question their motivation and suitability for the role.

Lateral thinking. Morgan: What I want is someone who brings something new to the table in meetings, someone who can take a problem and see a whole other angle on it that others may have missed.

Technical awareness. Morgan: An information security manager needs to be sufficiently up to speed that they don't get slapped down by the CIO. But at the same time, they shouldn't be too seduced by technical-speak.

Business focus. Dorey: Can they talk to the business about security issues, at a level that the business will understand? Are they capable of understanding the business's objectives, and creating security solutions that don't get in the way, but still give an adequate degree of protection?

Tolerance for ambiguity. Morgan: Perfect security is never possible, so a good information security professional has to be able to take a pragmatic approach to 'grey areas' and deal with ambiguity. There's no place for perfectionism on the IT security team; you want someone who is prepared to strive for progressive improvements.

Resilience. Morgan: There's rarely any praise for getting things right in IT security, and a huge amount of criticism when things go wrong. If someone needs approval and praise, then they need to consider another career.

Cool-headedness. Dorey: How do they react to crisis situations? The further they progress in their information security careers, the more likely they will be responsible for orchestrating crisis-management efforts. Will they be able to cope?

Imagination. Dorey: Can they get inside the mind of an attacker? Are they fascinated by what they find when they get inside?

Persistence. Dorey: A good information security professional isn't frustrated by a challenge; they approach it with an insatiable intellectual curiosity and determination. The job's never going to be routine and it's not right for someone who likes absolute clarity and working to strict goals.

Following the paper trail. Until recently, rapid growth in demand for IS staff meant that practical experience took precedence over paperwork when it came to making recruitment decisions. These days, relevant academic and professional qualifications can be a real advantage for candidates and employers alike, by giving clearer indications of levels of knowledge and achievement.

Do you still want me to tell you about the future !



Exponential growth of data processing, all pervasiveness of technology, proportional increase in risks / threats / crime, continued weaknesses in IT production / development and such bad things point to a good future !

Cloud Mobile Computing Big Data Bio-Technology Critical Infrastructure Unmanned vehicles, Robotics Smart Grids 3D printing

Grasp the basic understanding of infosec (how, why, what)
Learn about policies, strategies, how business alignment works, people, technologies, automation
Go deeper into processes and see how they complement each other and assist business
Take up technical training (and / or non-technical) with certifications (to establish your professional credentials)
Work with various vendors and their products for technologies like SIEM, DLP, IDAM, SSO etc.
Get product based certifications
Imbibe and learn business and finance skills
Grow yourself as a professional and as a person with continuous learning and training

Good Luck !

The world awaits... You, your skill and your success.

Contact Information:
E: dinesh@opensecurityalliance.org
T: +91.9769890505
T: @bizsprite
F: dineshobareja
L: http://in.linkedin.com/in/dineshbareja
Flickr: dineshobareja

http://z6mag.com/business/cyber-security-jobs-training-are-on-the-risebucking-unemployment-trend-164105.html
http://www.devry.edu/know-how/top-information-security-breaches-inhistory/#_edn1
http://vizualarchive.com/2012/cyber-security-growth-outlook-and-cybercrime-statistics/
www.cartoonstock.com
Skills Framework for the Information Age: www.sfia.org.uk
Gartner
Google and Wikipedia, of course
Various other sources, acknowledged and unacknowledged.

No claim is made, implied or otherwise, for ownership of graphics or relationship(s) with any organizations, individuals mentioned. Information is presented as is and reader is advised to adopt due diligence while using the same. Any objections may be addressed to any of the addresses in this document. Acknowledgement and thanks to the anonymous or unidentifiable resources.

This document is a creation of Open Security Alliance and is released in the public domain under Creative Commons License (Attribution-Noncommercial 2.5 India) http://creativecommons.org/licenses/by-nc-sa/2.5/in/.
Disclaimer: The practices listed in the document are provided as is and as guidance and the authors do not claim that these comprise the only practices to be followed. The readers are urged to make informed decisions in their usage.
Feedback is solicited and you can access other topics at our website www.opensecurityalliance.org
Contributors: Dinesh O Bareja
Reviewers: Mainak Biswas
Title: Career Prospects in Information Security
Version: 1.0 / October 07, 2012
