Choose Your Own Adventure: A Career Guide to InfoSec

Presented at BSides Austin 2018, March 8, 2018, 3:30 p.m. (60 minutes).

Information security (infosec) is a very broad field that may seem to have a high barrier of entry from the outside. If all you know of infosec is from exaggerated news or security conference press coverage, it may seem that many of the engineers and researchers in the fields are as much magicians as they are scientists. That's rarely the case. STEM fields have many different specialities that each have their own skill sets and focus. Practitioners form a base set of foundational skills and then dive deeper into specialized skills depending on the focus; infosec is no different. This talk intends to break down the field of infosec into some high-level fields of expertise and break down the skills needed to pursue one of the many types of professional jobs available in the industry. This will reveal foundational skills that are helpful no matter which field of infosec you might focus on, as well as some recommendations for next-steps to enhance your field-specific knowledge.


Presenters:

  • Aaron Portnoy - Vulnerability Research Group Lead - Raytheon CSI
    Aaron has worked professionally in the vulnerability research space for over a decade. He specializes in reverse engineering and exploit development and has given numerous training classes on the topics to beginners. He currently works at Raytheon where he manages a team and works on difficult VR tasks. Previously, Aaron ran the research team at Exodus Intelligence and was featured in a TIME magazine cover story highlighting his founding of the company. Prior to that, Aaron was the manager of the Zero Day Initiative where he oversaw the world's largest bug bounty program and launched the infamous Pwn2Own competition.
  • Andre Protas - Vulnerability Researcher - Raytheon CSI
    Andre has worked professionally in infosec since 2005. Over his career he has been involved in most aspects of offense, fromvulnerability research to operations. He holds a few diplomas but avoids work that require them. Currently he supports Raytheon customers and happily spends all of his time in debuggers and disassemblers. Previously he contributed to and led different types of research and development teams at eEye Digital Security and CyberPoint International.

Links:

Similar Presentations: