One of 4 professionals world wide to obtain the SANS GSE
My Career in Information Security
Andrew Martin - Information Security Specialist, CIBC
Agenda
My background
Pre-CIBC experience and qualifications
How I got my current job
Qualifications obtained at CIBC
Current responsibilities
Tools
Attacks
Opportunities and how to be successful
Background
Graduated from CTY program in December 2003, before Seneca moved to York
Specialized in security
Left the country in January 2004, missed my convocation and traveled the South Pacific for 7 months
Pre-CIBC experience and qualifications
Worked for a friend’s small company
Home / SOHO clients
First exposure to security involved removing viruses like Blaster and MyDoom, securing wireless networks and deploying home firewalls
Got a job with Microsoft’s outsourced support company in Sydney, Australia when the Sasser worm hit in April 2004
Contract junior network admin for WSI in 2005
Helped build a small data center
Secured their workstations, wireless access points
Pre-CIBC experience and qualifications
Certifications
A+, Server+, Network+
MCP in Windows 2003 administration
How I got my current job
While working at WSI I noticed a job posting at CIBC for a desktop support analyst
Applied for and got the job
Supported CIBC’s trading floor staff, including traders, back office staff and some senior executives
Spent 8 months in desktop support
How I got my current job
Noticed a job opening in security group as an analyst
24/7 support
12 hour rotating shifts
7AM-7PM / 7PM -7AM (terrible!)
Monitor Intrusion Detection System (IDS) and other security devices
Passion for security, enthusiasm and willingness to learn got me the job
Fantastic position to “get your foot in the door”
How I got my current job
Excelled at responsibilities as a shift analyst, moved to a 9-5 day job after 8 months (more responsibility, same pay)
My boss wanted to have someone working every day who could find and investigate attacks
A new position was created for me
Promoted to specialist a few months later
Have been in my current role for a little over a year
Qualifications obtained at CIBC
MCSA – 2003, specialized in security
CCNA
CISSP
SANS:
GCFA Gold (Forensic Analyst) – Mobile Device Forensics
GCIH Gold (Incident Handler) – Exploit Kits Revealed – MPack
GREM (Reverse Engineering Malware)
And my most recent…
Qualifications obtained at CIBC
One of 4 professionals worldwide to obtain the SANS GSE (Security Expert) Malware certification
GCFA, GCIH and GREM were prerequisites; I also needed to write two papers to achieve gold status. The prereqs took over a year to complete
The testing included:
A telephone interview
150 multiple choice questions
2 days (14 hours) of hands-on lab assignments at the SANS Las Vegas 2008 conference
A written report
CIBC covered my expenses and flew me to Vegas to take it!
Current responsibilities
Mentor and lead a team of 9 analysts
Lead for maintaining CIBC’s Intrusion Detection System
Influence direction of CIBC’s information security by applying real world attack experience
Research & investigate security threats to CIBC’s infrastructure
Reverse engineer malware (viruses) to determine their capability
Find, investigate and (sometimes) take down botnets
Recover sensitive stolen information
Assist corporate security and online fraud investigation groups
Tools
From a high level
Anti-virus
Intrusion Detection System
Proxy + Web Filtering
Log correlation engine
Tools
For reverse engineering and malware analysis
Linux
VMware
Wireshark
Perl, strings, file, netcat, hex editor
EnCase (Helix or SANS SIFT)
Debugger – OllyDbg
Disassembler – IDA Pro
Mandiant Red Curtain
PEiD
Various unpackers
Memory dumper (LordPE)
Sysinternals tools – Process Explorer, Process Monitor
Etc, etc
Tools
Bar none, the MOST important tools for conducting investigations are your “detective hat” and patience
You must always answer these questions
When was the system attacked?
Who attacked the system? (IP address)
How was it compromised?
What was the purpose or payload of the attack?
Attacks
Trends
Client-side attacks – workstations are compromised via malicious websites, typically through ActiveX controls
Server-side attacks – websites are compromised in the tens of thousands by SQL injection, remote file inclusion and stolen or weak passwords
Opportunities and how to be successful
To excel in security (technically) you should be at least competent in virtually every area of IT
Windows administration
***Unix/Linux administration***
Networking / firewall
Development (scripting, programming)
Databases / SQL
Hardware
Opportunities and how to be successful
From TechRepublic’s 2008 salary report (US)
Top 30 job functions
Security Specialist ranks 8th with an avg salary of 85K
No, I don’t make that much, sadly
#1 - Executive Management (CEO SVP VP) $104,767
#2 - System Architect $100,734
#7 - Database Manager $87,261
#8 - Computer Security Specialist $85,699
#22 - Network Analyst $64,217
#30 - Help Desk Support $48,783
Opportunities and how to be successful
Information Security is a hot field, but hard to break into
Hackers won’t stop hacking, they will only hack more. There is lots of money being made by bad guys
Two paths to take
1 – Work for a “Client”, e.g. CIBC
2 – Work for a “Vendor”, e.g. Symantec
Look for jobs with a company that is governed by regulations. These regulations will stipulate that they must have dedicated security staff and resources
Banks, insurance companies, health care providers, government
Take a job to “get your foot in the door”
Opportunities and how to be successful
“Soft” skills are incredibly valuable
Enthusiasm
Willingness to learn
Public speaking
Ability to admit mistakes
Ability to work in a team
Without strong soft skills your career will be severely limited
The most successful people are good at many things
Questions?