Security Basics mailing list archives
Re: IT Manager to CISO
From: Todd Haverkos <infosec () haverkos com>
Date: Thu, 28 Apr 2011 12:55:20 -0500
olufemimogaji () gmail com writes:
Hi all, I'm currently the de facto IT manager for a small IT services firm. The nature of our business requires that we follow PCI standards as per logical security. Here's the thing, the CISO is leaving next month, and I've been told I'll be taking his position. I already have a lot of exposure to info sec, I have a CCNP (the former version with ISCW) and a I'm an MCP (Active Directory for WS 2008). What I need to know is what cert I should go out there and get to make me more cemented in this new CISO role, at least to keep the auditors happy, as they sometimes like to question your competence. The outgoing CISO, even though he was trained by some of our partners, had NO certs, and this exposed him to uncomfy questions from hard nosed auditors. Security+ or CISSP exam? Or any others? Any form of guiding light will be highly appreciated.
The breadth and mindshare of a CISSP and the business cred of an MBA would be a compelling combination for a CISO role given the stated goals. See if you can't find some Lee Kushner talks or podcast appearances of recent vintage. I saw him speak recently at Thotcon and have heard him at Blackhat and on a podcast recently. He's one of the best known security recruiters, and speaks frequently about the CISO connundrum, and how the skillset of a CISO actually doesn't lend itself well to most of the techie infosec community. I'm not sure if these talks/interviews have that in it, but they were quick to google: http://www.youtube.com/watch?v=WgIQXPMga8g http://www.securabit.com/2010/12/20/securabit-episode-71-managing-our-careers-with-lee-kushner/ He has a website here http://www.infosecleaders.com/about/ or peruse the twitter feed @ljkush Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- IT Manager to CISO olufemimogaji (Apr 27)
- Re: IT Manager to CISO Omar Salvador Alcalá Ruiz (Apr 28)
- RE: IT Manager to CISO Egerue, Ugochukwu (Apr 28)
- RE: IT Manager to CISO rogue5 (Apr 28)
- Re: IT Manager to CISO Ricardo Ferreira (Apr 28)
- RE: IT Manager to CISO Craig Hotchkiss (Apr 28)
- RE: IT Manager to CISO Valin, Christian (Apr 28)
- RE: IT Manager to CISO David Gillett (Apr 28)
- Re: IT Manager to CISO Todd Haverkos (Apr 28)
- Re: IT Manager to CISO Jonathan Younie (Apr 28)
- RE: IT Manager to CISO Jeremi Gosney (Apr 28)
- Re: IT Manager to CISO ichib0d crane (Apr 28)
- RE: IT Manager to CISO David Gillett (Apr 28)
- <Possible follow-ups>
- Re: IT Manager to CISO olufemimogaji (Apr 28)