Penetration Testing Training Day Penetration Testing Careers Mike
- Slides: 20
Penetration Testing Training Day Penetration Testing Careers Mike Westmacott, Chair YPISG, Consultant IRM plc
Where to begin? • Here! Show an interest! • Understand the role • Disadvantages to it are… • …nothing compared to the benefits! • It’s not easy! • Plenty of different roles Presentation to insert name here 2
The Industry • Not a huge number of players • Pure pentest • Pure consultancy • Hybrids Presentation to insert name here 3
What to clients require? • Assurance • Box ticking • Expertise • Understanding • Help! • Ultimately: Value Presentation to insert name here 4
What’s the value chain? • We provide reports • We have expertise to quickly create outcomes • The reports we provide cost less than employing full time specialists • We are the experts Presentation to insert name here 5
How are consultancy companies structured? • Trainees • Junior Consultants • Senior Consultants • Managing Consultants • Project Services • Sales • Back Office • Board Presentation to insert name here 6
Who provides training? • Many… • BCS, ISC 2, SANS • Crest, Tiger • Offensive Security, MDSec, 7 Safe, IRM • Professional Groups • BCS, IISP Presentation to insert name here 7
Ongoing training and requirements • Government Work • The National Technical Authority for Information Assurance • Check • Security Clearance • Police • PCI • QSA (Qualified Security Assessor) Presentation to insert name here 8
Clearance • Types • Various different categories of information and operations • Levels • Multiple levels for degree of information privilege • Multiple organisations may hold and maintain clearances for individuals • Only limited numbers provide them Presentation to insert name here 9
Clearance • Government • Baseline Personnel Security Standard (BPSS) are not formal security clearances; they are a package of pre-employment checks that represent good recruitment and employment practice. • Counter Terrorist Check (CTC) is required for personnel whose work involves close proximity to public figures, gives access to information or material vulnerable to terrorist attack or involves unrestricted access to certain government or commercial establishments. A (CTC) does not allow access, or knowledge, or custody, of protectively marked assets and information. The check includes a Baseline Personnel Security Standard Check (BPSS) and also a check against national security records. To gain (CTC) clearance you will normally have had to have been a resident in the UK for a minimum of 3 years. Presentation to insert name here 10
Clearance • Security Check (SC) is for people who have substantial access to SECRET, or occasional access to TOP SECRET assets and information. This level of clearance involves a (BPSS) check plus UK criminal and security checks and a credit check. To gain (SC) clearance you will normally have had to have been a resident in the UK for a minimum of 5 years. • Developed Vetting (DV) is the highest level of Security Clearance and is required for people with substantial unsupervised access to TOP SECRET assets, or for working in the intelligence or security agencies. This level of clearance involves Security Check (SC) and, in addition, completion of a (DV) questionnaire, financial checks, checking of references and a detailed interview with a vetting officer. To gain (DV) clearance you will normally have had to have been a resident in the UK for a minimum of 10 years. Presentation to insert name here 11
Clearance • Security Check (SC) is for people who have substantial access to SECRET, or occasional access to TOP SECRET assets and information. This level of clearance involves a (BPSS) check plus UK criminal and security checks and a credit check. To gain (SC) clearance you will normally have had to have been a resident in the UK for a minimum of 5 years. • Developed Vetting (DV) is the highest level of Security Clearance and is required for people with substantial unsupervised access to TOP SECRET assets, or for working in the intelligence or security agencies. This level of clearance involves Security Check (SC) and, in addition, completion of a (DV) questionnaire, financial checks, checking of references and a detailed interview with a vetting officer. To gain (DV) clearance you will normally have had to have been a resident in the UK for a minimum of 10 years. Presentation to insert name here 12
Activities • Board • Define what strategy the organisation will follow to be successful • Executive • Implement the strategy and report on BAU, develop new strategic ideas • Marketing • Construct services and products that fulfill the strategy • Sales • Identify clients and markets where products and services Presentation to insert name here 13
Activities • Consultancy Floor • Technical Account Managers • Team Leads • Penetration Testers, Auditors, Analysts • Quality Assurance • Trainers Presentation to insert name here 14
Presentation to insert name here 15
Testing and The Law Computer Misuse Act 1990 • Unauthorised use or interference • Data Protection Act 2000 • Personally Identifiable Information • The Communications Act 2003 • Improper use of public communications services • Regulation of Investigatory Powers Act 2000 • Control of lawful interception of traffic Presentation to insert name here 16
International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative to mitigate EU's strict data protection – US companies apply to be safe harbours for EU PII • US Cryptographic Export Controls • Also import of encrypted data and systems Presentation to insert name here 17
Presentation to insert name here 18
International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative to mitigate EU's strict data protection – US companies apply to be safe harbours for EU PII • US Cryptographic Export Controls • Also import of encrypted data and systems Presentation to insert name here 19
International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative to mitigate EU's strict data protection – US companies apply to be safe harbours for EU PII • US Cryptographic Export Controls • Also import of encrypted data and systems Presentation to insert name here 20
- Day 1 day 2 day 3 day 4
- Day 1 day 2 day 817
- Web application penetration testing roadmap
- Ncrack vs hydra
- Going rate pricing example
- Week 16 homework: penetration testing 1
- Owasp testing methodology
- Cryptography penetration testing
- Hronline10
- Penetration testing portland
- Penetration testing using kali linux
- Penetration testing
- Osvdb-3268 exploit
- Water penetration test for windows
- 666
- International training and development
- William beanes elementary school
- Oceans apart day after day meaning
- Day to day maintenance
- As your room gets messier day by day, entropy is
- Tomorrow i dont know