
Careers in Information Security

Careers in Information Security. Angelo Castigliola. Enterprise Information Security and Risk Management Systems Analyst for Unum. Application Security Architecture. Winner of DHS National Cybersecurity Awareness Campaign Challenge 2010.


Presentation Transcript


  1. Careers in Information Security
     Angelo Castigliola

  2. Angelo Castigliola
     • Enterprise Information Security and Risk Management Systems Analyst for Unum.
     • Application Security Architecture
     • Winner of DHS National Cybersecurity Awareness Campaign Challenge 2010
     • Contributed to GNU open source project iWar featured in “Hacking Exposed Linux, 3rd Edition.”

  3. Presentation Agenda
     • Overview of careers in Information Security
     • Regulatory Laws and Compliance
     • Certifications
     • Professional Organizations
     • Q&A

  4. Three Tiers Of Security
     • Prevention
        • Regulatory Laws and Compliance
        • Vulnerability/Risk Assessments
        • Patch Management
     • Monitoring
        • Intrusion Detection
        • Viruses
        • Malicious Websites/Email
     • Response
        • Data Forensics
        • Customer Inquiries into IT Security Mechanisms
        • Lost or Stolen Sensitive Data

  5. Identity Management
     • Governs user access to information systems and infrastructure.
     • Create and manage policies which are compliant with regulatory laws.
     • System IDs
     • Emergency Access
     • Architect solutions that automate the provisioning of user access.

  6. Intrusion Detection
     • Monitors enterprise for security threats.
     • Antivirus
     • Wi-Fi Monitoring
     • Network Traffic Monitoring
     • Email

  7. Forensics
     • Responds to internal and legal inquiries
     • Uses various forensics tools
     • BackTrack

  8. Regulatory Compliance
     • Governs enterprise policies to ensure compliance with local, state and federal laws.
     • Sarbanes-Oxley Act 2002
     • Gramm–Leach–Bliley Act 1999
     • Health Insurance Portability and Accountability Act 1996
     • International Regulatory Laws
        • UK Data Protection Act 1998
        • EU's Data Protection Directive

  9. Industry Standards
     • North American Electric Reliability Corporation
     • Federal Energy Regulatory Commission
     • Federal Financial Institutions Examination Council
     • ISO 17799
     • Information Technology Infrastructure Library

  10. Application Security Architecture
     • Consulting
        • Work with application teams to design secure systems.
     • Components
        • Architect solutions to standardized authentication and authorization processes.
     • Compliance
        • Govern policies for secure application development.

  11. Certifications
     • (ISC)²
        • Certified Information Systems Security Professional (CISSP)
        • Systems Security Certified Practitioner (SSCP)
        • Certified Secure Software Lifecycle Professional (CSSLP)

  12. Professional Organizations
     • TechMaineInfoSEC
     • Maine Bytes
     • ASIS

  13. Staying in Contact
     • castigliola.com
     • Facebook
     • Twitter
     • LinkedIn
     • Blog
     • Q&A

  14. My Original Job Posting

     Launch your career at UnumProvident Corporation, an insurance industry Fortune 500 company positioned for strong future growth. The company's leadership position and tremendous growth potential make it a place of outstanding professional opportunity. UnumProvident people display a spirit of innovation as well as pride in the social value of the products and services we provide.

     ** Due to the considerable candidate response we have received, please apply for this position ONLY if you meet ALL required skills. ** No Third Parties Please.

     This Security Architect position will be focused on candidates with BOTH Mainframe and RACF Admin experience. Responsibilities will include:

     * Assist in the oversight of security access and administration under the control of the mainframe (RACF, DB2, IDMS, IMS and Teradata)
     * Provide security consulting to business partners regarding mainframe security related issues.
     * Perform regular reviews of security access privileges.
     * Generate ongoing security access review reports
     * Assist in the development of a Security Access Administration Program.

     Principal Duties and Responsibilities

     * Continually evaluate vendor's product strategies and future product statements and advise which will be most appropriate to pursue.
     * Perform ongoing security audits to ensure that the security posture is not compromised.
     * Assist in the development of sound security policies and procedures.
     * Provide technical security assistance to other areas within UnumProvident.
     * Conduct security policy violation investigations.
     * Monitor for inappropriate Internet and Internet E-mail usage
     * Assess reported security threats and weaknesses.
     * May perform other duties as assigned

  15. My Original Job Posting Cont.

     Job Specifications:

     * Ability to work effectively in an ambiguous environment
     * Ability to work across geographical locations
     * BS or advanced degree in computer science or related discipline
     * Two or more years of information technology engineering, support or consulting experience, one of those years spent in system security or IT Audit related positions.
     * Basic understanding of UNIX, Windows NT/2000, OS/390 vulnerabilities
     * Basic understanding of threats and vulnerabilities associated with whole-site Intranet access and with broad access to the Internet and the World Wide Web.
     * Basic understanding of the principles of implementation and operation and experience with security technology such as firewalls, multi-level security implementation, Kerberos, smart cards, security assessment, monitoring and profiles tools (e.g., ISS), and password crackers.
     * Encryption techniques include key management
     * Strong oral and written communications skills
     * Strong analytical skills
     * CISSP a plus

     Understanding of the following security areas desired:

     * ACF, Top Secret, RACF
     * TCP/IP and X.25
     * ISS Safesuite/Cisco Secure Solutions or equivalent products
     * Internet Technologies (NNTP, Proxy, HTTP, HTTPS, HTML, SSL, X.509)
     * IPSEC
     * Unix security
     * Raptor & Checkpoint Firewall technologies
     * ACE Server/SecurID
     * MCI UUNET/PAL
     * Shiva/Radius
     * PGP & S/MIME
     * Norton Anti-virus Cross suite
     * OS/390, NT, OS/2, Sun Solaris, AIX

     UnumProvident Corporation offers competitive pay, relocation assistance and excellent benefits. Come join us if you're interested in working in an exciting and challenging environment for a company that is on the move! Please apply on-line.

     Equal Opportunity Employer

     This position may be posted for multiple office locations, please be sure to indicate your location preference in your cover letter.
