CSA WAI

security engineer includes managing the security posture, identifying and remediating vulnerabilities, performing threat modeling, and implementing threat protection.help you to translate organization's strategic requirements into actionable improvements in securing most valuable assets.

Different services to organization

- Review and implement wide range of InfoSec paradigms
- including the foundations of risk management
- implementing processes and controls
- designing information systems securely
- managing the day-to-day activities required to ensure security is maintained in organization.
- Auditing and reviewing the threat landscape
Security reviews and threat modeling
Security assessments
Red team
Purple team
Blue team
Tabletop exercises
Research and development
Security education and awareness training
Threat Intelligence
Coordinating with risk management groups and leadership
Security integration with engineering processes

Responsibilities:

Cyber security standards
NIST CSF , CIS, CISA, Zero Trust, Defense in depth
To determine security requirements by evaluating business strategies
Researching information security standards
Application security and vulnerability management
Providing remediation recommendation upon vulnerability findings
Enforcing best practices
- Baseline architecture/standards and security controls
- - Cloud
  - On premise
  - datacenter

Frameworks

NIST Cyber Security Framework
ISO 27001 and ISO 27002

On Prem Network architecture

Network configurations
- VPN global protect
- Cisco firewall
- Switch configuration
- VLAN Segmentation
- Segmentation auditing
- Servers
- Routers
- Access points
- Which topologies we follow
- Where are the datacenters
- What is business continuity and DR plan
- TCP/IP
- OSI
- IP v4
- IP v6
- DHCP
- PAM
- IPAM
- SNMP
- QOS cisco wireless
- subnets
- Network management protocols
- Routing protocols
- Security controls
- SDN
- Network management
- - Fault
  - Configuration
  - Performance
  - Security
  - Accounting
- Which topology to use for continuously changing and hybrid environment ?
- Network down time management strategies

Cloud network architecture

Wireless network architecture

Secure Wi-Fi
Guest Wi-Fi
Wi-Fi protocols
Attacks on wireless devices

DevSecOps Architecture

Multi cloud scenarios
Automation pipelines
Application security architecture, enforcing security policies and standards
Secure development life cycle
How to enforce application security and get more visibility
- Logs
- Waf
- Load balancer
Focus on Java and PHP
Top vulnerabilities
- IOT
- OT
- Web
- API

Previously found scenarios
- XSS
- SQL injection
- IDOR
- SSRF
- Deserialization (python, java, PHP)
- XXE

Threat Modeling

New attacks/attack vectors
Risk assessment with architecture and business practices
Performing application security design reviews
New vulnerabilities and exploitation methods
Attack surface analysis and reduction
Targeting from
- External web Apps
- Services
- Assets
- Phishing
- Third party

Reverse engineering/binary analysis:

Firm ware
Ghidra static analysis
Angr
BAP
AFL

Applications

Compilers
- Types of compilers
- Code changes
Interpreters

IOT/embedded systems security

Best practices
Secure boot
Secure debug
Secure storage
Secure communication
Using digital twin to protect the IOT/OT and critical operations
Anti-debugging and anti reverse engineering

Red Team scenarios

Phishing email Modiska
Subdomain enumeration, .git

Malware analysis

Ghidra
How malwares evade and hide

Vulnerability Management

Networking:

Fundamentals
VPN
IDS
Routing and Switching

Cloud Security

AWS
Azure
GCP

Dataloss prevention:

DLP, AIP

Automotive standards

Iso sae21434 : https://www.iso.org/standard/70918.html , https://www.sae.org/standards/content/iso/sae21434
ISO Sae j3101 https://www.sae.org/standards/content/j3101_202002/

AWS

S3 buckets - exposure Grayhat Warfare.
Lamda
EC2
VPC
Aws cli
AWS API Gateway
connections outside of the VPC via a VPN
AWS inspector : for vulnerability analysis; runs automated security assessments on the EC2 instances

Questions:

different pen testing stages and strategies
What is threat modeling ? How to conduct and develop threat modeling for external facing web apps ? Mobile applications ?
How to develop threat modeling referring to PCI DSS standards
What is vulnerability
How to audit true positive and false positive
What is vulnerability management and assessment
CISA know vulnerability list
Federal department external pentest and scans
What are most recent vulnerabilities targeting
- Winword
- Outlook
- Log4j
What are remediation strategies
Who are APT groups and who targets your industry

ASV

ASN
Domain reverse/cert/subdomain
Masscan options
Namp

Ref

https://www.microsoft.com/en-us/security/blog/2018/06/06/cybersecurity-reference-architecture-security-for-a-hybrid-enterprise/

https://www.cloudflare.com/learning/ssl/why-use-tls-1.3/

WAF

Imperva
F5

Most common vulnerabilities

Responsibilities

Security Operations and Engineering

Develop
Implement
Maintenance

Security controls

End point detection and response
SIEM
Security automation
Vulnerability Management

Communicate with asset holders and stake holders

Inventory Management
- Cloud
- IOT
- On prem
SOAR/SIEM/VM
Continuous optimization tuning and monitoring platforms
Develop security playbooks
- Windows os
- Ad
- Azure active directory
- Security components
Log management
- On prem
- Cloud logging
- Heavy forwarders
- Cloud services logging
- Reliable log forwarding
Daily monitoring and health of systems
Security baseline
Scripts to retrieve and perform actions on windows systems
Soar integrations and api

Group policies
DNS
Load balancing techniques
SSO
MFA

PreviousRadom Topics :)NextCISSP

Last updated 5 months ago