1 / 14

Staffing Security Positions

Staffing Security Positions. How To Choose The Right Personnel. Jeffrey Posluns , CISA, CISSP, SSCP, CCNP, GSEC jeff@posluns.com SecuritySage Inc. http://www.securitysage.com. Identifying Positions. Security Physical Monitoring Incident Response Communications. Management IT Security

val
Download Presentation

Staffing Security Positions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Staffing Security Positions How To Choose The Right Personnel Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC jeff@posluns.com SecuritySage Inc. http://www.securitysage.com

  2. Identifying Positions • Security • Physical • Monitoring • Incident Response • Communications • Management • IT • Security • CSO / CIO • Technical • Implementation • Administration • Documentation • Active vs. Passive

  3. Understanding Skills • Security • Security Configuration • Security Administration • Understand Patches • Monitor Security Logs • Ensure Backup Security • Ensure Rules Are Followed • Security Documentation • IT • System Installation • System Administration • Patch Systems • Monitor System Logs • Backup Systems • Follow Security Rules • Systems Documentation

  4. Understanding Skills (2) Most IT & Security Personnel Have Experience In Both Areas! Determining Where A Particular Person Can Best Fit In Can Be Difficult!

  5. Certifications (Product) • MCSE (Microsoft Certified Systems Engineer) • Microsoft - http://www.microsoft.com • Specific Information About A Product • CCNA (Cisco Certified Networking Associate) • Cisco - http://www.cisco.com • Specific Information About A Series Of Products • CCSA (Check Point Certified Security Administrator) • Checkpoint - http://www.checkpoint.com • Specific Information About A Product

  6. Certifications (Technical) • SANS GIAC • SANS - http://www.sans.org • Specific Security Topic For Each Certification (There Are A Few) • SSCP (Systems Security Certified Practitioner) • ISC2 - http://www.isc2.org • Broad Range Of Security Topics (Similar To SANS GSEC)

  7. Certifications (Management) • CISSP (Certified Information Systems Security Professional) • ISC2 - http://www.isc2.org • Broad Range Of Security Topics • CISM (Certified Information Security Manager) • ISACA - http://www.isaca.org • Security Management Specific

  8. Certifications (Issues) Learning To Pass A Test? vs. Knowing & Understanding The Materials? Someone With A Certification? vs. Someone With Years Of Experience?

  9. What You Want In A… • Security Manager • Broad understanding of multiple technologies • Management techniques • Communication skills (speaking and writing) • Documentation skills • Ability to direct a team • Ability to distinguish between technical skills • Security Technologist • Specific understanding of multiple technologies • Technical expertise • Communication skills (speaking and writing) • Documentation skills • Ability to work in a team • The desire to improve one’s self and learn more

  10. Security Career Paths • Certification • Product Certifications • Technical Certifications • Management Certifications • Progression • System Administrator • Security Administrator • Security Manager • Why would someone NOT get a certification? • Attitude / “certifications just mean you can pass a test” • Apathy / Lack of understanding of how it can benefit them

  11. Evaluating A Resume (Beyond the norm) • Past jobs • IT specific with security functions • Security specific job description • Team leader or team member • Communications skills • Publications or papers written • Memberships & Affiliations • Affiliated with any public security forums? • Contributions to open projects?

  12. In The Interview • Communications Skills • Explain a concept to both a technical and a non-technical person (simultaneously) • Write a sample paragraph describing a security issue (~200 words) • Your Thoughts • Will this person’s skills grow from technical to management? • Will this person want to move into management, or will he/she be happy as a senior tech?

  13. Summary • Skills and requirements • What is on paper vs. what’s in their head • Growing as an individual within the company • The resume vs. the person

  14. QUESTIONS? Thank you! Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC jeff@posluns.com SecuritySage Inc. http://www.securitysage.com

More Related