A career in Information Security

From Ensiwiki

Summary - a career or an internship in information security

With regard to the field of computer security, this page presents:

  • various possible jobs
  • various companies and laboratories (and the recommended contact(s))
  • advice for finding an internship or a job
  • contacts of Ensimag alumni

Information security jobs

Auditor

  • Certification types: ISO27001 lead auditor, ISO27002, ISO27005 ...

CSA

Chief Security Advisor

Companies

#Microsoft #Google

CSO

Chief Security Officer

Companies

#Microsoft #Google

Infrastructure designer

Forensics

Blog of a court-appointed computer expert witness (covers forensics a lot): Zythom

Malware analysis

Network administrator

Pentester

If you are a student, this post will answer your questions. (See also the rest of the blog.)

Product integrator

Description

An architect has previously designed an infrastructure to be integrated into a customer's existing IT infrastructure. Some - generally informal - specifications were written: which software version will be used? Where will the routers be located? How should they behave? ... A product integrator integrates the components of the solution (software and/or hardware) within a limited timeframe.

Required skills

  • Adaptability: each team has a different way of working.
  • Analysis: since some requirements are informal, you will have to translate them into concrete terms.
  • Outgoing: do not hesitate to ask your project manager (and possibly the customer) questions.
  • Quick learner: you will have to learn new technologies quickly and link them to your current knowledge.
  • Popularization: you will sometimes interact with people who do not have the same level of expertise on the product as you. You will therefore have to express yourself clearly, without having to define too many terms.

Pros

  • Customer relations: you will sometimes interact with the customer. You will meet several members of their staff, sometimes even the CSO.
  • Technical expertise
  • Challenging environment

Cons

  • Stressful: since you work within a limited timeframe, you will have to work efficiently and under some pressure (customer, manager). Sometimes you will also learn the technologies in your free time, in order to perform quickly when you are at the customer's office.

Companies

Project Manager

Software engineer

Description

Participating in the development

Skills

  • Software development engineering

Certifications

Companies

Software engineer in test

Description

Designing original tests to check that a particular software application or architecture has certain security properties.

Companies

System administrator

Product evaluator

Vulnerability & test researcher

Funny video explaining a security researcher's job and life

Information security skills

  • Communication
  • application penetration
  • network penetration
  • knowing what is a viable attack and what is not
  • knowing how data migrates around the network
  • network engineering
  • IDS/IPS interpretation of results
  • system administration
  • risk management
  • be creative

Competencies cloud

cloud computing, vulnerability research, exploit writing, technology watch, biometrics, data leak prevention, disk and file level encryption, forensics analysis, governance, compliance, audit, identity & access management, incident handling & analysis, intrusion detection and prevention, litigation support, penetration testing, regulatory compliance & audit, secure code development, security architecture, smart cards, disposable passwords, tokens, threat/vulnerability assessment management, VoIP security, Web content filters, malware & virus analysis

Information security certifications

(ISC)² SSCP

Systems Security Certified Practitioner

(ISC)² CISSP

Certified Information Systems Security Professional

(ISC)² CSSLP

Certified Secure Software Lifecycle Professional

ISO 27001 lead auditor

ISO 27001 lead implementer

CISM

CISA

CEH

Certified Ethical Hacker

Some corporations & laboratories

AdvTool

  • Location: Geneva, Switzerland
  • Website: [1]

Apple

ANSSI

  • Location: Paris, France
  • Website: [2]
  • Ensimag alumni: Guillaume Touron (2A internship)

"Agence Nationale pour la Sécurité des Systèmes d'Information" (French Network and Information Security Agency)

Mission: Improve France's capability to protect its sensitive information systems

Main activities:

  • Security investigations:
    • Government infrastructures
    • Critical operators' infrastructures
  • IT product security assessments (certifications)
  • IT security research (laboratories)
  • IT security training

Jobs:

  • IT security expert (penetration tests, Windows specialists...)
  • Cryptography expert

REVuln

  • Location: Malta
  • Website: [3]


  • HSC
  • EdelWeb / ON-X
  • XMCO
  • Verizon
  • LEXSI
  • NBS
  • CSC
  • FreeSecurity


  • Advens
  • Devoteam
  • iTrust
  • Provadys
  • Solucom



AGARIK

http://www.agarik.com

ATLAB

Pentest Paris

British Telecom

Ensimag alumni

Berkeley

University of California. Laboratory, University. Positions: PhD students, PostDoc researchers. http://www.eecs.berkeley.edu/Research/Projects/Areas/SEC.html

British Telecom (BT)

  • France, Paris
  • penetration tests, configuration/architecture audits, code audits, post-incident audits (forensics), security training, IAM, security policies
  • R&D: 20%

Ensimag Alumni

BugSec

http://www.bugsec.com

Cassidian

http://www.cassidian.com/en_US

CERTA

An ANSSI division specialized in information security. http://www.certa.ssi.gouv.fr/certa/certa.html

Deloitte

http://www.deloitte.com pentest, security solutions architect

DenyAll

http://www.denyall.com/

DGA-MI (formerly CELAR)

http://www.defense.gouv.fr/dga Location: Rennes

DGSE


DVlabs

http://dvlabs.tippingpoint.com

EADS

EPFL

http://lasecwww.epfl.ch/

ESIEA

  • Contact: Eric Filiol
  • Specialities: Virology

EY

Ernst & Young

Ensimag Alumni working there in the Information Security field

Ilyas Djafri (2009-2012)

Evidian

  • Jobs: Authentication protocol expert, Single Sign-On expert, Cryptography expert
  • Number of employees: ~170 (August 2011)
  • Website: www.evidian.com

Ensimag alumni working there

Arnaud Maillet 2009-2012

Links

Evidian

Facebook

Gemalto

Ensimag Alumni working there

Mathieu Antoine

Google

Alexis Papadopoulos (2007)

Harmony security

http://www.harmonysecurity.com

HAPSIS

Hex-Rays

Company which develops IDA Pro :) http://www.hex-rays.com

  • Internships in Belgium

HSC

Herve Schauer Consulting

Immunity

Ensimag alumni working there

Links

INRIA

Intrinsec

http://securite.intrinsec.com/

Kaspersky

LEXSI

LIG

Logica

Ensimag alumni working there

Mancala networks

  • Grenoble
  • Network Security, NIDS, NIPS

Ensimag alumni

Pedro Paganela (2011)

Links

links

Microsoft

Alumni

Fabien Duchene (2009-2010)

Microsoft Research

MIT

http://www.csail.mit.edu/ http://groups.csail.mit.edu/cis/cis-people.html

Oberthur

Oppida

http://www.oppida.fr

Quarkslab

http://www.quarkslab.com Paris

Sagem Defense Security

Smart cards, biometrics. Main customer: French government.

Sekoia

Societe Generale CERT

https://cert.societegenerale.com/fr/contact.html

Sogeti-ESEC

Links

Alumni

Fabien Duchene (2010-2011)

Sourcefire

http://sourcefire.com/ SNORT authors.

Stanford Security Lab

http://seclab.stanford.edu/

Steria

Strategic Security

http://strategicsec.com

Symantec

Synacktiv

pentest, exploit http://synacktiv.com/


Sysdream

  • Jobs: pentester, security auditor, security researcher
  • Number of employees: ~20 (March 2011)
  • Internship duration: 6 months (starting from February)
  • Number of interns: 4 (March 2011)
  • Application deadline: December
  • Contact: Human Resources 01 78 76 58 00
  • Website: Sysdream

Ensimag alumni

Jeremy Brun-Nouvion

Tetrane

Thales

Telindus

Telindus security website

Toucan Systems

Verimag

Verizon

Vupen

0-day vulnerabilities and related exploit code for government agencies.


Final Customers

Every corporation has security needs, hence the need for in-house competencies related to the company's core business. Here are some examples of Ensimag alumni in such positions:

How do I extend my competencies?

Specialized master in information security

ESIEA - NIS master

This specialized master "Computer Security and CyberWarfare" seems to be one of the best in France. Several recognized figures in the security field teach there (e.g. Eric Filiol). Topics taught in this specialized master range from operating systems to cryptology, and include forensics, pentesting, virology...

Telecom ParisTech

Infowar school

Ecole de Guerre Economique

Alumni students

The training is delivered by professionals, and it includes many projects. We have courses in geoeconomics, information management, strategic management and influence. There are never any school-style exams, but rather projects to hand in on various issues, year-long projects carried out for companies... It is a program strongly focused on professionalization.

I am taking this program because Economic Intelligence interests me a great deal. It is a program where you rub shoulders with people from varied backgrounds: engineering schools, business schools, universities (economics, law...), Sciences Po, professionals, military personnel... It is very interesting to share our working methods, our knowledge and our know-how. In addition, this program has been ranked No. 1 in France in Economic Intelligence for many years according to the firm SMBG (http://www.meilleurs-masters.com/master-intelligence-economique-et-knowledge-management.html?PHPSESSID=334fcde208f2d8ba67e8e549acfc7cfe)

The program is very demanding, the level is quite intense and the topics covered are very varied (risk, economic intelligence...). There are regularly 3 or 4 projects to carry out in parallel, with different teams. The alumni network is also very active in helping the students and the school.

Advice for applications

Some links

The 20 coolest jobs in information security