Penetration Testing Training Day Penetration Testing Careers Mike

  • Slides: 20
Download presentation
Penetration Testing Training Day Penetration Testing Careers Mike Westmacott, Chair YPISG, Consultant IRM plc

Penetration Testing Training Day Penetration Testing Careers Mike Westmacott, Chair YPISG, Consultant IRM plc

Where to begin? • Here! Show an interest! • Understand the role • Disadvantages

Where to begin? • Here! Show an interest! • Understand the role • Disadvantages to it are… • …nothing compared to the benefits! • It’s not easy! • Plenty of different roles Presentation to insert name here 2

The Industry • Not a huge number of players • Pure pentest • Pure

The Industry • Not a huge number of players • Pure pentest • Pure consultancy • Hybrids Presentation to insert name here 3

What to clients require? • Assurance • Box ticking • Expertise • Understanding •

What to clients require? • Assurance • Box ticking • Expertise • Understanding • Help! • Ultimately: Value Presentation to insert name here 4

What’s the value chain? • We provide reports • We have expertise to quickly

What’s the value chain? • We provide reports • We have expertise to quickly create outcomes • The reports we provide cost less than employing full time specialists • We are the experts Presentation to insert name here 5

How are consultancy companies structured? • Trainees • Junior Consultants • Senior Consultants •

How are consultancy companies structured? • Trainees • Junior Consultants • Senior Consultants • Managing Consultants • Project Services • Sales • Back Office • Board Presentation to insert name here 6

Who provides training? • Many… • BCS, ISC 2, SANS • Crest, Tiger •

Who provides training? • Many… • BCS, ISC 2, SANS • Crest, Tiger • Offensive Security, MDSec, 7 Safe, IRM • Professional Groups • BCS, IISP Presentation to insert name here 7

Ongoing training and requirements • Government Work • The National Technical Authority for Information

Ongoing training and requirements • Government Work • The National Technical Authority for Information Assurance • Check • Security Clearance • Police • PCI • QSA (Qualified Security Assessor) Presentation to insert name here 8

Clearance • Types • Various different categories of information and operations • Levels •

Clearance • Types • Various different categories of information and operations • Levels • Multiple levels for degree of information privilege • Multiple organisations may hold and maintain clearances for individuals • Only limited numbers provide them Presentation to insert name here 9

Clearance • Government • Baseline Personnel Security Standard (BPSS) are not formal security clearances;

Clearance • Government • Baseline Personnel Security Standard (BPSS) are not formal security clearances; they are a package of pre-employment checks that represent good recruitment and employment practice. • Counter Terrorist Check (CTC) is required for personnel whose work involves close proximity to public figures, gives access to information or material vulnerable to terrorist attack or involves unrestricted access to certain government or commercial establishments. A (CTC) does not allow access, or knowledge, or custody, of protectively marked assets and information. The check includes a Baseline Personnel Security Standard Check (BPSS) and also a check against national security records. To gain (CTC) clearance you will normally have had to have been a resident in the UK for a minimum of 3 years. Presentation to insert name here 10

Clearance • Security Check (SC) is for people who have substantial access to SECRET,

Clearance • Security Check (SC) is for people who have substantial access to SECRET, or occasional access to TOP SECRET assets and information. This level of clearance involves a (BPSS) check plus UK criminal and security checks and a credit check. To gain (SC) clearance you will normally have had to have been a resident in the UK for a minimum of 5 years. • Developed Vetting (DV) is the highest level of Security Clearance and is required for people with substantial unsupervised access to TOP SECRET assets, or for working in the intelligence or security agencies. This level of clearance involves Security Check (SC) and, in addition, completion of a (DV) questionnaire, financial checks, checking of references and a detailed interview with a vetting officer. To gain (DV) clearance you will normally have had to have been a resident in the UK for a minimum of 10 years. Presentation to insert name here 11

Clearance • Security Check (SC) is for people who have substantial access to SECRET,

Clearance • Security Check (SC) is for people who have substantial access to SECRET, or occasional access to TOP SECRET assets and information. This level of clearance involves a (BPSS) check plus UK criminal and security checks and a credit check. To gain (SC) clearance you will normally have had to have been a resident in the UK for a minimum of 5 years. • Developed Vetting (DV) is the highest level of Security Clearance and is required for people with substantial unsupervised access to TOP SECRET assets, or for working in the intelligence or security agencies. This level of clearance involves Security Check (SC) and, in addition, completion of a (DV) questionnaire, financial checks, checking of references and a detailed interview with a vetting officer. To gain (DV) clearance you will normally have had to have been a resident in the UK for a minimum of 10 years. Presentation to insert name here 12

Activities • Board • Define what strategy the organisation will follow to be successful

Activities • Board • Define what strategy the organisation will follow to be successful • Executive • Implement the strategy and report on BAU, develop new strategic ideas • Marketing • Construct services and products that fulfill the strategy • Sales • Identify clients and markets where products and services Presentation to insert name here 13

Activities • Consultancy Floor • Technical Account Managers • Team Leads • Penetration Testers,

Activities • Consultancy Floor • Technical Account Managers • Team Leads • Penetration Testers, Auditors, Analysts • Quality Assurance • Trainers Presentation to insert name here 14

Presentation to insert name here 15

Presentation to insert name here 15

Testing and The Law Computer Misuse Act 1990 • Unauthorised use or interference •

Testing and The Law Computer Misuse Act 1990 • Unauthorised use or interference • Data Protection Act 2000 • Personally Identifiable Information • The Communications Act 2003 • Improper use of public communications services • Regulation of Investigatory Powers Act 2000 • Control of lawful interception of traffic Presentation to insert name here 16

International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative

International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative to mitigate EU's strict data protection – US companies apply to be safe harbours for EU PII • US Cryptographic Export Controls • Also import of encrypted data and systems Presentation to insert name here 17

Presentation to insert name here 18

Presentation to insert name here 18

International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative

International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative to mitigate EU's strict data protection – US companies apply to be safe harbours for EU PII • US Cryptographic Export Controls • Also import of encrypted data and systems Presentation to insert name here 19

International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative

International Law PIPEDA – Canada's Data Protection Act • Safe Harbour • US Initiative to mitigate EU's strict data protection – US companies apply to be safe harbours for EU PII • US Cryptographic Export Controls • Also import of encrypted data and systems Presentation to insert name here 20

Penetration Testing Dr X Pen Testing Penetration TestingPenetration Testing Dr X Pen Testing Penetration Testing
Penetration Testing 12142021 Penetration Testing 1 What IsPenetration Testing 12142021 Penetration Testing 1 What Is
Penetration Testing Part one the concept of penetrationPenetration Testing Part one the concept of penetration
Penetration Testing Part one the concept of penetrationPenetration Testing Part one the concept of penetration
Pricing Strategies Pricing Strategies Penetration Pricing Penetration PricingPricing Strategies Pricing Strategies Penetration Pricing Penetration Pricing
EUROPEAN HOUSEHOLD ONLINE PENETRATION Online penetration of EuropeanEUROPEAN HOUSEHOLD ONLINE PENETRATION Online penetration of European
Penetration Test Pen Test Penetration Test Pen TestPenetration Test Pen Test Penetration Test Pen Test
Day by day Day by day Day byDay by day Day by day Day by
The Careers Service Careers Day Interviews Interview essentialsThe Careers Service Careers Day Interviews Interview essentials
The Careers Service Careers Day Assessment Centres WhatThe Careers Service Careers Day Assessment Centres What
WEB APPLICATION TESTING Web Application Penetration Testing 17WEB APPLICATION TESTING Web Application Penetration Testing 17
MIKE HAND TRAINING Modern Slavery and CSE MikeMIKE HAND TRAINING Modern Slavery and CSE Mike
UNIT TESTING INTEGRATION TESTING AND SYSTEM TESTING TestingUNIT TESTING INTEGRATION TESTING AND SYSTEM TESTING Testing
MCA Testing MCA Testing MCA Testing Day 19MCA Testing MCA Testing MCA Testing Day 19
464 DAY BY DAY Day by day and464 DAY BY DAY Day by day and
464 DAY BY DAY Day by day and464 DAY BY DAY Day by day and
Kindergarten Day 1 Day 2 Day 3 DayKindergarten Day 1 Day 2 Day 3 Day
296 Day by Day 13 Day by day296 Day by Day 13 Day by day
Contents Day 1 Day 2 Day 3 DayContents Day 1 Day 2 Day 3 Day