Secure Coding mailing list archives

What defines an InfoSec Professional?


From: Brian.A.Shea at bankofamerica.com (Shea, Brian A)
Date: Thu, 08 Mar 2007 11:07:28 -0800

The right answer is both IMO.  You need the thinkers, integrators, and
operators to do it right.  The term Security Professional at its basic
level simply denotes someone who works to make things secure.

You can't be secure with only application security any more than you can
be secure with only firewalls or NIDs.  The entire ecosystem and
lifecycle must be risk managed and that is accomplished by security
professionals.  Each professional may have a specialty due to the
breadth of topics covered by Security (let's not forget our Physical
Security either), but all would be expected to act as professionals.
Professionals in this definition being people who are certified and
expected to operate within specified standards of quality and behavior
much like CISSP, CPA, MD, etc.

-----Original Message-----
From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Gunnar Peterson
Sent: Thursday, March 08, 2007 9:13 AM
To: James.McGovern at thehartford.com
Cc: SC-L at securecoding.org
Subject: Re: [SC-L] What defines an InfoSec Professional?

Actually just the former. Robert Garigue characterized firewalls, NIDS,
et al. as good network hygiene. The equivalent of a dentist telling you
to brush your teeth. An infosec pro needs much more depth than that. The
model is Charlemagne

http://1raindrop.typepad.com/1_raindrop/2007/02/thinking_about_.html

-gp
-----Original Message-----
From: "McGovern, James F (HTSC, IT)" <James.McGovern at thehartford.com>
Date: Thursday, Mar 8, 2007 10:27 am
Subject: [SC-L] What defines an InfoSec Professional?

If you have two individuals, one of which has been practicing secure
coding practices and encouraging others to do so for years while another
individual was involved with firewalls, intrusion detection,
information security policies and so on, are they both information
security professionals or just the latter?





_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc -
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC
(http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________

