Starting this thread is easy…
I have noticed that many people nowadays claim to be an “InfoSec Specialist” on their resume, LinkedIn profile, etc. This eventually makes life a bit more difficult for HR personnel or inexperienced hiring managers who are genuinely looking for a real-deal InfoSec Specialist to fill certain specific job roles.
So, here are the things that separate them from the real specialists and experts out there. See whether you might fall into one of these categories (inadvertently or deliberately):
* You are not a Pentesting/Ethical Hacking Specialist if your day-to-day job is just running tools such as Qualys, Nessus, OpenVAS, Nikto, Acunetix and the like to look for vulnerabilities. We call these tools Automated Vulnerability Scanners, and using one of them simply does not make you a Hacker or a Pentesting Specialist. To be a real Pentester, you need to be able to break into systems manually and gain root/administrator privileges on the system you are breaking into (which practically allows you to do anything you want with the compromised system). Alternatively, you should be able to demonstrate the capability to exfiltrate sensitive information from its protected repositories even when you have only been given standard-user access to that system.
* You are not a Malware Reverse Engineering Specialist if all you do is google the executable's filename or its MD5 hash, look it up on VirusTotal, or drop the executable into an Automated Malware Sandbox Analyzer such as Cuckoo, VT, Malwr, GFI, etc. To be called a real Malware Reverse Engineering Specialist, you should be able to perform surgery on the malicious binary using a Hex Editor, Debugger and Disassembler and, MOST IMPORTANTLY, be able to decode, de-obfuscate and possibly decrypt the code and logic behind the binary and locate which of its sub-routine(s) is/are doing evil, so as to validate whether the binary is truly malicious.
* You are not a Cyber Threat Intelligence Specialist if all you do is read and forward InfoSec news to your bosses / IT team without a proper method for dissecting, filtering and processing that information into valuable intelligence that is useful to your organization: how to provide early detection, and how to prevent and deter cyber attacks or casualties from happening to your organization.
* You are not a Network Attack/DDoS Mitigation Specialist if all you do is have your inbound internet link traffic routed behind a DDoS Scrubbing Provider (like Prolexic/Akamai, Verisign, Incapsula, etc.) and your only involvement in DDoS attack events is being called/paged out by your DDoS cloud provider to join their bridge line and listen to what they are doing over the phone. To be called a specialist in this field, you need to know exactly how Network/DDoS attacks come into your network: the attack vectors, methods, protocols being abused, types of attacks, what mitigation controls you have on-premise and in the cloud, when and which mitigations to activate, etc. You need to be proficient in reading and understanding packet captures, and you also need to know how to build and enhance your defense posture to adapt to the ever-increasing attack methods being launched and seen to date.
* You are not a Security Event Management Specialist if all you do is receive event alerts from your IDSes or log alerting/correlation tools (such as Splunk, ArcSight ESM, etc.) and escalate these alerts to your security vendor or your system/network administrator. We call that role “a postman”, whose job function is simply Level-1 forwarding of events, blindly, to the proper team. To be a real Security Event Management Specialist, you need to be able to do some basic analysis of the events and determine which ones are real and which ones are false positives. You also need the capability to filter out and reduce false positives by tuning the SIEM system you have access to.
* You are not a Security Intrusion Analyst/Specialist if you are simply doing the job of the Security Event Management Specialist described above. To be a real-deal Security Intrusion Analyst/Specialist, you need to be able to read a packet capture and tell us on the spot what is really happening in any particular event. You also need to be able to perform a holistic analysis even when a full packet capture is not available and you have to rely on other sources such as system/proxy/firewall/network logs, etc.
* You are not a Computer Forensics Specialist if all you know is how to check the system logs for error messages and run anti-virus software to find out whether the system is infected. To be called a Computer Forensics Specialist, you need to be able to perform proper acquisition of evidence from an HDD or any other storage, preserve it well and ensure it is admissible in court during trial, dig down to the file-system level of different OSes to find artifacts of the events being investigated, detect and recover deleted files from slack space, and even recover evidence from volume shadow copies, registry entries, prefetch data, etc. You also need to be proficient in handling volatile memory: how to acquire it, and how to find malicious code that may be hiding inside other legitimate process(es) via process hollowing, etc.
I hope this article provides some insight to any HR practitioner specializing in InfoSec recruitment, or to any hiring manager who is truly looking for a better (if not one of the best) InfoSec Specialist to perform the really challenging jobs that require true expertise in their respective fields.