Technical Skills:

Major Areas Of Focus:

  • Incident Response
  • Computer Forensics
  • Network Security
  • Secure Architecture


Conceptual (Understand How-It-Works):

  • Fundamental security concepts- CIA Triad (Confidentiality, Integrity, Availability), Authentication vs Authorization vs Access Control, Non-Repudiation etc.
  • Working principles & protocols of the Internet- TCP/IP, IPv4, IPv6 etc.
  • Security domains- MDM, IDS/IPS, Database, DLP etc.
  • Transport Layer- SMTP, MIME etc.
  • Social Engineering tactics
  • **Network security (Protocols, Configurations, Infrastructure, Vulnerabilities)- Man-in-the-Middle (MIM), Spoofing, Firewalls, Routers, Public Data Networks etc.
  • **Coding practices- Secure coding, Malicious code, Buffer Overflows, Cross-Site Scripting etc.
  • **Coding languages- C, Java, Perl, Shell, Awk etc.
  • **Encryption (Processes & Algorithms)- Digital Signatures & Certificates, Hash Algorithms & Encrypted Hashes, AES, DH Key Exchange, PGP, DES & Triple DES, Blowfish, Twofish, Serpent

** - Preferably expertise-level understanding and hands-on experience in these areas; however, basics must be tested first.

Expertise & Hands-On:

  • Internet protocols - DNS, TLS, IPsec, HTTP, TCP, UDP etc.
  • OS - Windows, UNIX/Linux etc.
  • File systems - ZFS, NTFS, FAT etc.
  • Encryption - PGP, symmetric/asymmetric, ECB/CBC modes of operation, AES etc.
  • DLP - network vs endpoint DLP, Vontu, Websense, Verdasys etc.
  • eDiscovery & Digital Forensics concepts/technologies - EnCase, FTK etc.
  • Threat or Risk Modelling - STRIDE, DREAD, FAIR etc.
  • Pentesting fundamentals
  • Technical expertise - Windows, Linux, Solaris, AIX, OS/400, Apple, Databases, Routers/Firewalls

Computer Forensics:

  • Process- Data Extraction, Data Imaging, Data Preservation & Data Handling
    - Methodology for making a proper copy of storage devices that can be used as evidence
    - Tools like FTK (AccessData)
  • Popular tools- FTK (AccessData), CAINE, EnCase etc.
  • Techniques- Cross-Drive Analysis (CDA), File Carving, Live Analysis, Steganalysis / Steganography tools, Volatile Data Analysis


Additional Certifications:

  • CISSP
  • EnCE (EnCase Certified Examiner)
  • CCE (Certified Computer Examiner)
  • GCFE (GIAC Certified Forensic Examiner)
  • GCFA (GIAC Certified Forensic Analyst)
  • GREM (GIAC Reverse Engineering Malware)
  • GCIA (GIAC Certified Intrusion Analyst)
  • GCIH (GIAC Certified Incident Handler)
  • CHFI
  • QSA
  • ACE (AccessData Certified Examiner)
  • CISM

Personal Skills:

  1. Good management abilities
  2. Stress handling capability
  3. Ability to act on the spot
  4. Good reasoning abilities
  5. Process-defining abilities
  6. Good communication skills
  7. Team player

Notes

1. Test scenarios. Hand over test scenarios to the recruit; the process of resolving the problem will demonstrate logical thinking, spontaneity, knowledge and forensic basics. This can also be done in idle teams as an exercise.

2. Learner. Since information security changes every day, the personnel should be open to learning and eager to demonstrate it. Educational courses they develop can also be useful for other members outside the CIRT.

3. Think of hiring a hacker. Big companies are hiring hackers full-time to hack their own systems; this enables faster resolution of the most easily exploitable points, and moreover the hacker thinks like a hacker!

4. Domain experts in certain fields can be a good choice, e.g. applications, network, mail and database.

5. Consider outsourcing this effort to a consultancy, which results in lower costs as you don't need a team waiting for incidents to take place, but rather engage one only when affected. However, this must be preceded by reference checks and study.

6. A Legal Advisor can be of great help in assisting with gathering information, recommendations and remediation when an incident/breach takes place.


Community Head, CISO Platform