Professional Documents
Culture Documents
Industry Opportunities
Defensive Security
Offensive Security Common– • Firewall
• Penetration testing • Threat Intelligence • Intrusion detection
• Social Engineering • Vulnerability • Encryption
• Exploit Management • Antivirus/Anti-
Development • Disaster Recovery malware
• Red teaming • Incident Response • Identity & Access
• … • Security Awareness Control
Training • System Hardening
• Application Security • Data Loss Prevention
Testing • …
July 2023 3
INDUSTRY OPPORTUNITIES
July 2023 4
CYBER SECURITY MARKET
July 2023 5
CYBER SECURITY DOMAIN OVERVIEW
a) DevSecOps
b) SAST/DAST
c) Threat modelling & pen testing
d) Infrastructure Vulnerability assessment
e) IAM (SSO, IGA, PAM etc.)
f) Data privacy requirements
g) Data masking, encryption, certificate, key
management
h) WAF, firewall, IDS/IPS
i) Security monitoring
j) Audit and compliance
• Microsoft Windows Hello provides MFA authentication using fingerprint, PIN, facial recognition.
However, it has some limitation in terms of MFA using OTP to phone.
• One possible option is to use Cisco Duo MFA solution with agents installed on supported
endpoints/devices.
• All systems and applications within the enterprise using SSL v3 need to switch to TLS 1.2
• This will affect many enterprise applications, perimeter security components, policy and
standards, endpoint devices etc.
• Create enterprise wide plan for the change for all applications at all environments
Key Roles
• Security operations manager
• Compliance Auditor
• Incident Responder
• SOC analyst
• Threat hunter
Reference:
https://www.paloaltonetworks.com/cy
berpedia/what-is-a-soc
Key Tools - SIEM, VM, EDR, UEBA (user and entity behaviour analytics)
• SIEM/SOC service
Microsoft, IBM, Splunk, Sumo Logic,
• Incident detection and response service (SOAR, XSOAR)
Rapid7, Securonix etc.
• Extended detection and response (XDR)
July 2023 15
APPLICATION SECURITY
July 2023 16
DATA SECURITY
July 2023 17
RISK AND COMPLIANCE
ProofPoint, Cofense,
• Security awareness and training
KnowBe4, Terranova etc.
July 2023 18
EXAMPLES OF INDUSTRY TRENDS
• IoT Security
• FIDO (First Identity Online)
July 2023 20
DECENTRALIZED IDENTITY