Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Intro to Cybersecurity Workshop

Avatar for John Downey John Downey
July 24, 2017
Technology
0
130

Intro to Cybersecurity Workshop

Avatar for John Downey

John Downey

July 24, 2017
Tweet

More Decks by John Downey

See All by John Downey
Cryptography Pitfalls at CactusCon 2019
Avatar for John Downey jtdowney
0
170
Cryptography Pitfalls at BsidesMSP 2017
Avatar for John Downey jtdowney
0
180
Cryptography Pitfalls at THOTCON 0x8
Avatar for John Downey jtdowney
0
180
Cryptography Pitfalls at ConFoo Montreal 2017
Avatar for John Downey jtdowney
1
350
Cryptography Pitfalls at BSidesPhilly 2016
Avatar for John Downey jtdowney
0
150
Cryptography Pitfalls at LASCON 2016
Avatar for John Downey jtdowney
0
200
Debugging TLS/SSL at DevOps Days Detroit 2016
Avatar for John Downey jtdowney
1
260
Debugging TLS/SSL at DevOpsDays Boston
Avatar for John Downey jtdowney
1
350
Cryptography Pitfalls at Abstractions
Avatar for John Downey jtdowney
0
110

Other Decks in Technology

See All in Technology
AIでテストプロセスを自動化しよう251113.pdf
Avatar for K_SAK sakatakazunori
0
130
はじめての OSS コントリビューション 〜小さな PR が世界を変える〜
Avatar for Chihiro Ito chiroito
4
290
“それなりに”安全なWebアプリケーションの作り方
Avatar for Ryusei Ishikawa xryuseix
0
360
Black Hat USA 2025 Recap ~ クラウドセキュリティ編 ~
Avatar for Kyohei Mizumoto kyohmizu
0
530
今、MySQLのバックアップを作り直すとしたら何がどう良いのかを考える旅
Avatar for yoku0825 yoku0825
0
290
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.9k
AIと共に開発する時代の組織、プロセス設計 freeeでの実践から見えてきたこと
Avatar for freee freee
3
670
クレジットカードの不正を防止する技術
Avatar for Yuta Horii yutadayo
16
7.3k
機密情報の漏洩を防げ! Webフロントエンド開発で意識すべき漏洩パターンとその対策
Avatar for mizdra mizdra
PRO
9
3.2k
レビュー負債を解消する ― CodeRabbitが支えるAI駆動開発
Avatar for Atsushi Nakatsugawa moongift
PRO
0
270
こんな時代だからこそ! 想定しておきたい アクセスキー漏洩後のムーブ
Avatar for Takuya Yonezawa takuyay0ne
4
570
Introducing RFC9111 / YAPC::Fukuoka 2025
Avatar for Ken’ichiro Oyama k1low
1
230

Featured

See All Featured
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
Scaling GitHub
Avatar for Zach Holman holman
463
140k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
190
11k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
24
3.8k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
380
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
45
8k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
36
6.1k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
80
6.1k
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
84
9.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
508
140k

Transcript

  1. Intro to Cybersecurity John Downey | @jtdowney http://bit.ly/2tTOeu1 1

  2. Intro to Cybersecurity Information Security John Downey | @jtdowney http://bit.ly/2tTOeu1

    2

  3. whoami 4 John Downey 4 Security Lead at Braintree 4

    All self taught 4 No certifications http://bit.ly/2tTOeu1 3

  4. Managing Risk Risk = Liklihood × Impact http://bit.ly/2tTOeu1 4

  5. Likelihood http://bit.ly/2tTOeu1 5

  6. Threat Actors 4 Skill 4 Motive 4 Opportunity 4 Organization

    http://bit.ly/2tTOeu1 6

  7. Vulnerability 4 Ease of discovery 4 Ease of exploitation 4

    Awareness 4 Zero day http://bit.ly/2tTOeu1 7

  8. Impact http://bit.ly/2tTOeu1 8

  9. Technical Loss 4 Confidentiality 4 Integrity 4 Availability http://bit.ly/2tTOeu1 9

  10. Damages 4 Financial 4 Reputation 4 Leadership Change http://bit.ly/2tTOeu1 10

  11. Mitigation Approach http://bit.ly/2tTOeu1 11

  12. Prevention 4 Segmentation 4 Access control lists 4 Training 4

    Testing 4 Governance http://bit.ly/2tTOeu1 12

  13. Detection 4 Scanning 4 Intrusion detection systems 4 File integrity

    monitoring 4 Antivirus http://bit.ly/2tTOeu1 13

  14. Response 4 Incident response plans 4 Security operations center 4

    Digital forensics 4 Active mitigtaion http://bit.ly/2tTOeu1 14

  15. Case Studies http://bit.ly/2tTOeu1 15

  16. Denial of Service http://bit.ly/2tTOeu1 16

  17. http://bit.ly/2tTOeu1 17

  18. http://bit.ly/2tTOeu1 18

  19. Tips 4 Evaluate the risk 4 Maybe have a plan

    for dealing with a DDoS attack http://bit.ly/2tTOeu1 19

  20. Password Reuse http://bit.ly/2tTOeu1 20

  21. http://bit.ly/2tTOeu1 21

  22. http://bit.ly/2tTOeu1 22

  23. Tips 4 Use a password manager 4 Enable two-factor authentication

    everywhere 4 Resources 4 https://haveibeenpwned.com 4 https://opensource.com/article/17/2/password- management http://bit.ly/2tTOeu1 23

  24. Software Patching http://bit.ly/2tTOeu1 24

  25. http://bit.ly/2tTOeu1 25

  26. http://bit.ly/2tTOeu1 26

  27. Tips 4 Turn on automatic updates 4 Don't dismiss or

    ignore updates 4 Keep all devices up to date 4 Help out those who aren't as security savvy http://bit.ly/2tTOeu1 27

  28. Software Bug http://bit.ly/2tTOeu1 28

  29. http://bit.ly/2tTOeu1 29

  30. Tips 4 OWASP - https://www.owasp.org 4 WebGoat - https://github.com/WebGoat/WebGoat 4

    Hacksplaining - https://www.hacksplaining.com http://bit.ly/2tTOeu1 30

  31. Workshop 4 Verizon Data Breach Report - http://vz.to/2qihidi 4 Hacksplaining

    - https://www.hacksplaining.com 4 WebGoat - https://github.com/WebGoat/WebGoat 4 flAWS - http://flaws.cloud http://bit.ly/2tTOeu1 31

  32. Image Credits 4 https://flic.kr/p/bov2cY 4 https://flic.kr/p/aoSXLS 4 https://flic.kr/p/npSVNU 4 https://en.wikipedia.org/wiki/Information_security

    4 https://en.wikipedia.org/wiki/PAVE_PAWS http://bit.ly/2tTOeu1 32