1 / 20

Penetration Testing Training Day

Penetration Testing Training Day. Penetration Testing Careers Mike Westmacott, Chair YPISG, Consultant IRM plc. Where to begin?. Here! Show an interest! Understand the role Disadvantages to it are… …nothing compared to the benefits! It’s not easy! Plenty of different roles. 2.

sanura
Download Presentation

Penetration Testing Training Day

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Penetration Testing Training Day Penetration Testing Careers Mike Westmacott, Chair YPISG, Consultant IRM plc

  2. Where to begin? • Here! Show an interest! • Understand the role • Disadvantages to it are… • …nothing compared to the benefits! • It’s not easy! • Plenty of different roles 2 Presentation to insert name here

  3. The Industry • Not a huge number of players • Pure pentest • Pure consultancy • Hybrids 3 Presentation to insert name here

  4. What to clients require? • Assurance • Box ticking • Expertise • Understanding • Help! • Ultimately: Value 4 Presentation to insert name here

  5. What’s the value chain? • We provide reports • We have expertise to quickly create outcomes • The reports we provide cost less than employing full time specialists • We are the experts 5 Presentation to insert name here

  6. How are consultancy companies structured? • Trainees • Junior Consultants • Consultants • Senior Consultants • Managing Consultants • Project Services • Sales • Back Office • Board 6 Presentation to insert name here

  7. Who provides training? • Many… • BCS, ISC2, SANS • Crest, Tiger • Offensive Security, MDSec, 7Safe, IRM • Professional Groups • BCS, IISP 7 Presentation to insert name here

  8. Ongoing training and requirements • Government Work • The National Technical Authority for Information Assurance • Check • Security Clearance • Police • PCI • QSA (Qualified Security Assessor) 8 Presentation to insert name here

  9. Clearance • Types • Various different categories of information and operations • Levels • Multiple levels for degree of information privilege • Multiple organisations may hold and maintain clearances for individuals • Only limited numbers provide them 9 Presentation to insert name here

  10. Clearance • Government • Baseline Personnel Security Standard(BPSS) are not formal security clearances; they are a package of pre-employment checks that represent good recruitment and employment practice. • Counter Terrorist Check (CTC) is required for personnel whose work involves close proximity to public figures, gives access to information or material vulnerable to terrorist attack or involves unrestricted access to certain government or commercial establishments. A (CTC) does not allow access, or knowledge, or custody, of protectively marked assets and information. The check includes a Baseline Personnel Security Standard Check (BPSS) and also a check against national security records. To gain (CTC) clearance you will normally have had to have been a resident in the UK for a minimum of 3 years. 10 Presentation to insert name here

  11. Clearance • Security Check (SC) is for people who have substantial access to SECRET, or occasional access to TOP SECRET assets and information. This level of clearance involves a (BPSS) check plus UK criminal and security checks and a credit check. To gain (SC) clearance you will normally have had to have been a resident in the UK for a minimum of 5 years. • Developed Vetting (DV) is the highest level of Security Clearance and is required for people with substantial unsupervised access to TOP SECRET assets, or for working in the intelligence or security agencies. This level of clearance involves Security Check (SC) and, in addition, completion of a (DV) questionnaire, financial checks, checking of references and a detailed interview with a vetting officer. To gain (DV) clearance you will normally have had to have been a resident in the UK for a minimum of 10 years. 11 Presentation to insert name here

  12. Clearance • Security Check (SC) is for people who have substantial access to SECRET, or occasional access to TOP SECRET assets and information. This level of clearance involves a (BPSS) check plus UK criminal and security checks and a credit check. To gain (SC) clearance you will normally have had to have been a resident in the UK for a minimum of 5 years. • Developed Vetting (DV) is the highest level of Security Clearance and is required for people with substantial unsupervised access to TOP SECRET assets, or for working in the intelligence or security agencies. This level of clearance involves Security Check (SC) and, in addition, completion of a (DV) questionnaire, financial checks, checking of references and a detailed interview with a vetting officer. To gain (DV) clearance you will normally have had to have been a resident in the UK for a minimum of 10 years. 12 Presentation to insert name here

  13. Activities • Board • Define what strategy the organisation will follow to be successful • Executive • Implement the strategy and report on BAU, develop new strategic ideas • Marketing • Construct services and products that fulfill the strategy • Sales • Identify clients and markets where products and services 13 Presentation to insert name here

  14. Activities • Consultancy Floor • Technical Account Managers • Team Leads • Penetration Testers, Auditors, Analysts • Quality Assurance • Trainers 14 Presentation to insert name here

  15. 15 Presentation to insert name here

  16. Testing and The Law Computer Misuse Act 1990 • Unauthorised use or interference • Data Protection Act 2000 • Personally Identifiable Information • The Communications Act 2003 • Improper use of public communications services • Regulation of Investigatory Powers Act 2000 • Control of lawful interception of traffic 16 Presentation to insert name here

  17. International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative to mitigate EU's strict data protection – US companies apply to be safe harbours for EU PII • US Cryptographic Export Controls • Also import of encrypted data and systems 17 Presentation to insert name here

  18. 18 Presentation to insert name here

  19. International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative to mitigate EU's strict data protection – US companies apply to be safe harbours for EU PII • US Cryptographic Export Controls • Also import of encrypted data and systems 19 Presentation to insert name here

  20. International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative to mitigate EU's strict data protection – US companies apply to be safe harbours for EU PII • US Cryptographic Export Controls • Also import of encrypted data and systems 20 Presentation to insert name here

More Related