Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
What to Upload to SlideShare
Loading in …3
×
1 of 10

Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?

0

Share

Download to read offline

Ethical hacking helps organizations in preventing the exploitation and vulnerabilities of their system’s data.

Today, several real-world testing methods are used to avoid cyber-attacks and secure important data from exploitation.

The webinar covers

• Ethical Hacking
• Penetration Testing
• Differences and Similarities
• Types & Stages of Penetration Testing
• Cybersecurity
• Impact of COVID-19 on Cybersecurity

Presenters:

Carl Carpenter

Carl is a former CISO of a $6B entity where he was responsible for protecting data of all types and regulatory environments such as FFIEC, HIPAA, and PCI as well as working with the FBI, IRS, and US Department of Labor around investigations relating to money laundering. He has performed assessments against Fortune 10 and 50 companies in the areas of GDPR, CCPA, ISO/IEC 27001 and currently performs CMMC assessments as well as CMMC pre-audit support to help ensure a successful CMMC audit. Prior to that, Carl retired from the US Military where he was involved in counter-terrorist, counter-narcotics, counter-intelligence operations and training foreign military members in these same concepts. Carl is also a PECB trainer in ISO/IEC 27001, ISO/IEC 27032, and CMMC Foundations and holds numerous other certifications.

In 2016, Carl joined Arrakis Consulting where he started as an auditor and providing CISO-as-a-Service to small or medium sized companies that needed more experience without increased cost. In 2017, Carl added active penetration testing to his portfolio of skills and routinely performs penetration tests against companies of all sizes. Carl also trains people on a variety of skills such as penetration testing, network engineering, network administration, OSI model, subnetting, etc…

Carl holds a Bachelors from Western Governors University in Network Security and Operations as well as numerous certifications from ITIL, Cisco, CompTIA, Microsoft, CMMC-AB, ISACA, OneTrust, RSA, PCI Council, Citrix, and Novell


Andreas Christoforides

Mr. Christoforides is an active IT auditor and a trainer for a various organization on Information Security Management Systems. He is a member of the Cyprus Computer Society, a PECB certified trainer for ISO/IEC 27001, ISO 22301 and GDPR CDPO, and a former Deputy Head of IT Infrastructure at a Bulgarian Leading Bank.

In 2019, he joined BEWISE and delivered to clients a wide range of Cybersecurity projects in the areas of strategy, governance and risk management, data privacy and protection (GDPR), and business resilience and recovery. He conducts IT Risk Assessments and develops IT policies and procedures towards establishing an effective and secure IT Governance framework.

Mr. Christoforides holds a BEng degree from Birmingham City University and a variety of other qualifications from Microsoft and CISCO.

YouTube video: https://youtu.be/cTrdBZFIFhM
Website link: https://pecb.com/

Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference?

  1. 1. Agenda  Differences and Similarities  Ethical Hacking  Penetration Testing  Types & Stages of Penetration Testing  Cybersecurity  Impact of COVID-19 on Cybersecurity  How to get involved  Why this is a big deal  Things to watch out for…  Qs & As
  2. 2. • In a holistic approach the two (EH vs PT) can be one and the same but there are some differences. • However, ethical hacking and penetration testing (pentesting) is only a subset of cybersecurity. Quick Differences or similarities
  3. 3. • Hacking with ethics – IOW, to act as an attacker to help a client understand weaknesses before discovered by a bad actor. • Ethical hackers generally conform to a legal code of ethics in order to perform activities in a trusted manner. • Quite often, ethical hacking is more focused on technology exploits rather than the true nature of a bad actor. • Could be viewed as unrealistic (timeline constraints, technology constraints, mirrored environments, cloud environments, etc…) when compared to an actual bad actor. Ethical Hacking
  4. 4. • Not the same as ethical hacking, but similar, as penetration testing could fall under similar activities as hacking. • However, penetration testing can cover more than just technology and can include physical, humans, etc… • Different categories (Black, grey, white) • Can be internal and external Penetration Testing
  5. 5. • Cyber security standards enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks • Cyber security refers to the technologies and processes designed to protect computers, networks and data from unauthorized access, vulnerabilities and attacks delivered via Internet by cyber criminals • Cyber security protects the data and integrity of computing assets belonging to or connecting to an organization's network. Its purpose is to defend those assets against all threat actors throughout the entire life cycle of a cyber attack What is Cyber Security?
  6. 6. • Impact on digital working and cybersecurity. Includes: 350 cyberattacks in April 2020 in Switzerland https://www.swissinfo.ch/eng/jump-in-cyber-attacks-during-covid- 19-confinement/45818794 47% of individuals fall for phishing scams while working at home https://www.tessian.com/blog/why-we-click-on-phishing-scams/ Cyberattacks on video conferencing services https://www.bleepingcomputer.com/tag/credential-stuffing/ Impact of COVID-19 on Cybersecurity
  7. 7. Learn: • Concepts of network engineering (TCP/IP, OSI model, etc… doesn’t change regardless of the vendor). Get a starter cert such as a CCNA. • Windows OS • Various regulations, this provides you a potential client base that can hire you. • Attain certifications as an auditor (ISO27001, ISO22301), your reports become irrefutable when you can quote regulation. • Understand basic concepts of cybersecurity law as it relates to data privacy (GDPR) Cybersecurity (pentesting) can work closely with privacy. • Attend a course related to penetration testing. • Make connections…but be careful of what connections you make. • Learn about Kali Linux ! • Install a VM and test your skills. How to get involved
  8. 8. • There is currently no regulatory environment (in the USA) that doesn’t require penetration testing of some sort and all require adequate cybersecurity • Pentesters come with a unique skill and mind set….cybersecurity does not. • Vulnerabilities are being discovered and exploited faster than people can be trained or vulnerabilities remediated. This requires a cybersecurity work force that is required to constantly think outside the box. • As of Feb, 2021 – 314K unfilled cybersecurity jobs in USA and 3.5M globally. In comparison, there were only 1M unfilled in 2014. Why this is a big deal?
  9. 9. THANK YOU ? A.christoforides@bewise.com.cy Andreas Christoforides carl@arrakisconsulting.com Carl Carpenter

×