The thrill of the hunt! You never encounter the same crime twice!
This expert analyzes how intruders breached the infrastructure in order to identify additional systems/networks that have been compromised. Investigating traces left by complex attacks requires a forensic expert who is not only proficient in the latest forensic, response, and reverse engineering skills, but is astute in the latest exploit methodologies.
"In the private world, the security guy just cleans up the mess to try and keep the ship afloat, but when criminals strike, the crime investigator gets to see that the bad guys go to jail. Want to see the face of your enemy... behind bars? It's a thrill like no other - being pitted against the mind of the criminal and having to reconstruct his lawless path."
Having mastered intrusion prevention/detection, computer forensics, hacker exploit techniques, and some reverse engineering of malware, this forensics expert thinks there is always more to learn and actively seeks out new learning opportunities daily.
- Attend training, conferences, and summits that focus on methodologies described below.
Listen to the latest podcasts discussing recent events. Use your blog reader to pull articles automatically found on Websites that focus on discussing the latest trends.
- Stay abreast of the latest attack methodologies.
How are attackers breaking into networks? Keep up to date on the latest attacker, pen testing, and red-team methodologies. Learn how to track an attacker across multiple system and technologies.
- Stay ahead of the curve on the latest forensic and incident response methodologies.
In addition to traditional forensic methodologies, you need to master live data analysis and collection. Learn how to examine volatile data and collect it effectively. Learn how to identify personal identifiable information and payment card information quickly.
- Get familiar with techniques that enable you to quickly analyze malware found on your network.
A skilled investigator can examine malware and network signatures to create malware indicators on the network in order to discover additional systems that may have been breached.
-Rob Lee, Forensic/Incident Response Faculty, SANS
Principal Consultant, Mandiant Inc.
You can be a hacker, but do it legally and get paid a lot of money!
This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources.
Successful pen testers must combine outside-the-box, contrarian thinking with attention-to-detail, carefully organized action. As you analyze target systems, continually think about how to unravel their defenses; approach problems in a different way than "normal" sysadmins would. You have to spot weaknesses and logic flaws that other people might miss.
- Some specific tips:
Ed Skoudis Founder, Counter Hack Director, SANS NetWars & CyberCity projects SANS Fellow and Instructor
* Common starting point for people who become Top Guns. Sophisticated pen testers are considered Top Guns.
Seems like I can get a lot done with little to no push back
Today's Chief Information Security Officers are no longer defined the way they used to be. While still technologists, today's CISO/ISO's must have business acumen, communication skills, and process-oriented thinking. They need to connect legal, regulatory, and local organizational requirements with risk taking, financial constraints and technological adoption.
Organizations succeed by taking risks, and they frequently fail because they then don't manage the risk-taking very well. The risks are business risks, and the security team needs to see business constituencies as "customers". The "this is how it's always worked" idea must be discarded. Data-driven decisions, devolving perimeter, any-device thinking, collaboration technologies, virtualization, and mobile data are diametrically opposed to prior thinking. Today's solutions are tomorrow's threat, and global and geopolitical landscape shifts are tightly coupled to intellectual and informational threats.
Experience is often the training ground, and diverse thought along with scenario planning is the requirement for a good outcome. Focus on the business goals: Never forget that this is the basis for security thinking.
Kool, because this is VERY rare.
The security-savvy software developer leads all developers in the creation of secure software, implementing secure programming techniques that are free from logical design and technical implementation flaws. This expert is ultimately responsible for ensuring customer software is free from vulnerabilities that can be exploited by an attacker.
The role of security-savvy software developer is challenging and rewarding from multiple perspectives. To be successful, you must understand a multitude of attack vectors used to exploit software to avoid the introduction of flaws. This experience is also needed to leverage the same attack tools and techniques an adversary might use to exploit your software, identifying flaws to be addressed before product shipment.
In a development role, your position will be vital to the company's success, including your ability to communicate the techniques used for secure software development to your peers. This can be challenging, since few enjoy having their work criticized and flaws identified, but is a necessary component of an overall secure software strategy. This role is critical to not only the success of the company, but also to all the customers who implement your software. Secure software development has a direct and undeniable impact on the ability of an organization to protect their systems and information assets, and you play a key role in that success.
Joshua Wright Senior Security Engineer, Counter Hack SANS Senior Instructor
* Often a stepping stone to a Top Gun job.