Educause Security Discussion mailing list archives
Re: Training advice
From: Jim Dillon <Jim.Dillon () CUSYS EDU>
Date: Mon, 18 Jun 2007 14:22:34 -0600
Teresa,

I may be reading into your new title more than may be appropriate, but my guess, given your description of yourself as a prior techie/admin, I believe your core development concerns are actually in communication and negotiation in the managerial sphere. Much of what you need to do your job will depend on your ability to:

1. Understand the goals and objectives of management
2. Clearly communicate the risks and threats in terms they understand, bad publicity and the bottom line $
3. Influence, co-opt, convince, and otherwise make wise use of human resources
4. Program/personnel management and reporting (progress, issues, metrics...)
5. Present security imperatives clearly and concisely through email, reports, presentations, etc.
6. Discuss policy, legal initiatives with appropriate tech-to-policy interpretation

It appears to me that you've taken a step away from "technical" security into a more program management role, and you will have to learn even more what terminology no longer works and how to overcome that. I once spent half an annual planning meeting suffering from the consequences of academic arguing about the term "social engineering" because I used it to describe an audit engagement. The managers in the room had a different sociological interpretation of that term and they lost no time in arguing, berating, and simply wasting time over making that clear, proving their ignorance of the topic, but nonetheless defeating the more important discussion plans we had established.

You may also see some of the U's offering SANS or Vigilar training for certifications such as CISA, CISM, and CISSP. While technically these will probably not challenge you as much or seem as relevant, you may find the preparation for sitting for one of these certifications may be a good nomenclature and communication development exercise, as well as good for broadening your perspective on your new job requirements. You can get this training generally at under $1000 through Higher Ed circles (I did through the Big 12) and it may be more enlightening about your up-n-coming responsibilities than focusing on yet another technical issue arena - you'll always have those cropping up and changing on you.

Just another possibility, but I think you may want to give it some consideration.

Best regards,

Jim

*****************************************
Jim Dillon, CISA, CISSP
IT Audit Manager, CU Internal Audit
jim.dillon () cusys edu
303-492-9734
*****************************************

________________________________
From: Vanderbilt, Teresa [mailto:tvanderb () OZARKS EDU]
Sent: Monday, June 18, 2007 1:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Training advice

I recently stepped into the title of Security Manager. We're a small school and this is a new position for us. I'd only maintained the servers, switches and firewalls before. I have no one to mentor me and very little budget for training. I can spend approximately $3-5K on formal training this year. I was thinking of a good online class so all the money goes toward training rather than hotels and travel. Until now, everything I've learned has been mostly on my own, although I recently attended Penetration Testing Training.

What other training, both formal and informal, would benefit me and my school the most? I've been thinking of CCNA and I would like to learn how to use Snort since it's free. Will CCNA be beneficial or should I buy a good beginner's book on Snort? Am I way off the mark for what I need to study? I need to get up to speed quickly and can't afford to guess at what I need. Please help.

Thanks in advance,

Teresa Vanderbilt
University of the Ozarks