Presentation is loading. Please wait.

Presentation is loading. Please wait.

Joaquin Fuentes MBA, CEH, CPT, CISSP, CISA, NACA

Published byGlenna Sugiarto Modified over 6 years ago

Similar presentations

Presentation on theme: "Joaquin Fuentes MBA, CEH, CPT, CISSP, CISA, NACA"— Presentation transcript:

1 Joaquin Fuentes MBA, CEH, CPT, CISSP, CISA, NACA
Practical Security Joaquin Fuentes MBA, CEH, CPT, CISSP, CISA, NACA

2 About Joaquin Manager, Penetration Testing @Early Warning
ASU Alumnus, 2001 OWASP Phoenix Chapter Leader CTF winning team member, CactusCon & DefCon @hackerbyhobby

3 Dialogue Agenda Hacking the “Catch 22” Being a Hacker
Foundational Skills Demonstrable Knowledge Resources “Try Harder”

4 Catch 22 Catch-22: A paradoxical situation from which an individual cannot escape because of contradictory rules. An example would be: "How am I supposed to gain experience [to be hired for a job] if I'm constantly turned down for not having any?"

5 *Spoiler Alert* “Try Harder” - Offensive Security

6 Being a Hacker hack·er ˈhakər/ noun noun: hacker; plural noun: hackers
1 a person who uses computers to gain unauthorized access to data. 2 synonyms: 3 cybercriminal, pirate, computer criminal, keylogger, keystroke logger; informalcyberpunk, hacktivist "viruses that are the brainchildren of these malicious hackers"

7 Being a Hacker What your friends think you do:

8 Being a Hacker What the world thinks you do:

9 Being a Hacker What you actually do:

10 Being a Hacker Example InfoSec Job Titles: Penetration Tester
Consultant IT Auditor Security Architect Security Engineer CISO Security Analyst Developer Network Security Specialist Security Operations Analyst, SOC Analyst Professor Infrastructure Security Specialist

11 Being a Hacker My Story …the short version “War” Stories
Lessons Learned Focused, Self-training “Try Harder”

12 Know Defensive Security
Foundational Skills Be ethical Networking Fundamentals OSI Model Development & Scripting Linux & Windows Web Servers Web Applications Web Services Database Deployments Transact SQL Know Defensive Security Recommendations

13 Demonstrable Knowledge
Have you performed the activity hands-on, more than a few times? Can you walk me through some examples? What tools can you describe using? What are some best-practice defenses? Describe recent major vulnerabilities

14 Demonstrable Knowledge
Networking Fundamentals NMap, ncat OSI Model Know attacks & defense examples at each layer Development & Scripting C, C++, Java, Python, .Net Linux & Windows Kali Linux Web Servers Apache, IIS, Nginx Web Applications How to attack with a Proxy Web Services SOAP, REST Database Deployments Transact SQL Know Defensive Security Recommendations e.g. OWASP Recommendations

15 Resources InfoSec News CactusCon OWASP Security Shephard ZAP
PentesterAcademy.com Offensive-Security Blog overthewire.org/wargames Bandit, Natas Krebs On Security ISSA, ISACA, SDSUG

16 Certification Providers
Some of the better ones… Offensive Security eLearnSecurity Pentester Academy PentesterLab

17 “Try Harder” Plan to fail, don’t fail to plan Get your degree
Stay focused Get certifications Participate in the Community

Download ppt "Joaquin Fuentes MBA, CEH, CPT, CISSP, CISA, NACA"

Similar presentations

Assessments, Audits, and Penetration Tests, Oh My Ira Winkler, CISSP +1-410-544-3435.

Assessments, Audits, and Penetration Tests, Oh My Ira Winkler, CISSP
PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.

PENETRATION TESTING Presenters:Chakrit Sanbuapoh Sr. Information Security MFEC.
Chapter 1 Ethical Hacking Overview. Who Am I?  Kevin Riley  Systems / Network Analyst Orange Coast College   Phone 714.432.5949.

Chapter 1 Ethical Hacking Overview. Who Am I?  Kevin Riley  Systems / Network Analyst Orange Coast College   Phone
Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.

Penetration Testing Anand Sudula, CISA,CISSP SSA Global Technologies, India Anand Sudula, CISA,CISSP SSA Global Technologies, India.
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.

Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.
APAC Defense Forum Learning and IT Capacity Building for Defense Sector.

APAC Defense Forum Learning and IT Capacity Building for Defense Sector.
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
Shad Malloy CAaNES, LLC.

Shad Malloy CAaNES, LLC.
Distance Education Team 2 Security Architectures and Analysis.

Distance Education Team 2 Security Architectures and Analysis.
Hacking outside the box Mike Aiello. Objectives Describe jobs in “Infosec Discuss why communication is critically important to Infosec professionals.

Hacking outside the box Mike Aiello. Objectives Describe jobs in “Infosec" Discuss why communication is critically important to Infosec professionals.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.

Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
The Business of Penetration Testing

The Business of Penetration Testing
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter.

BackTrack Penetration Testing Workshop Michael Holcomb, CISSP Upstate ISSA Chapter.
Introduction to Application Penetration Testing

Introduction to Application Penetration Testing
Susanna Jordan Period 4.  What do they do?  How much do they make (range)?  What kind of education or training do they need?  What kind of company.

Susanna Jordan Period 4.  What do they do?  How much do they make (range)?  What kind of education or training do they need?  What kind of company.
Can your team outwit, outplay and outlast your opponents to be the ultimate CyberSurvivor?

Can your team outwit, outplay and outlast your opponents to be the ultimate CyberSurvivor?
Nata Raju Gurrapu Agenda What is Information and Security. Industry Standards Job Profiles Certifications Tips.

Nata Raju Gurrapu Agenda What is Information and Security. Industry Standards Job Profiles Certifications Tips.
Penetration Test https://store.theartofservice.com/the-penetration-test-toolkit.html.

Penetration Test

Similar presentations

Ads by Google