The Path to Becoming a Security Professional
Andrea C. Hoy, CISSP, CISM
President, ISSA Orange County CISO Executive Task Force Chief Technology Officer, iQwest
www.securIT.us www.iQwest.com
12 April 2006. EDUCAUSE Marriott City Center, Denver, CO.
My Background or The Path I took to Become CISO for a Fortune 200 & 500
• Playground rules still exist
• “Verbal Judo”
• Glass ceilings did exist! But glass breaks
What I Learned on the Job
• Security Org Charts vary as much as 1st year students’ majors change!
• Reporting Structures can Help or Hinder
• Who you know not What you know – not always
• Even Big Corporations Don’t Know what they Want, but They sure Know what they Don’t Want to Hear!
Where’s InfoSecurity? 5/ 9 / 6%
“Job Description” Please!?
WANTED – Candidate must…
• Info Security Policy & Procedures
• DRP/BCP
• Enterprise Program Management
• Risk Management
• Fraud/Investigations
• Physical Security
• Non-IT Risk Functions
• Legal Liability – “Who gives the sample?”
• Windows/Mac/Linux/Unix/Sun Solaris/AIX
• CISSP/MCSE/Cisco/GIAC, etc.
The Perspective from Above
• The CISO/CSO/CRO is a Strategic permanent position in the business. 2004: 17%, 2005: 58%
• I.S. is a Business Enabler and Essential to our Business. It is no longer an Overhead Cost. 2004: 25%, 2005: 49%
What do the Troops look like on This Path? (Backgrounds): EDUCATION
* 2003, 2004, 2005 data from CSO Magazine/Price Waterhouse Coopers – State of the CSO & CISO Exec Forum, ATL – March 2006
What do the Troops look like on This Path? (Backgrounds): Certifications
• Source: CISO Bootcamp, A. Hoy & Associates & State of the CISO 2003/2004/2005 – PWC
What do the Troops look like on This Path? (Backgrounds): PREVIOUS OCCUPATIONS
Highest (Most Common) to Lowest (Least Common):
• IT/IS 63%
• Physical Security
• Military
• Law Enforcement
• Business Operations
• Audit
• Other
• Legal
Staffing: How Many Information Security Professionals are Enough for Success?
[Chart: # of Full Time Info Security Employees – 11%, 23%, 24%, 11%, Avg. 3, 31%]
* Slide from CISO Bootcamp – A. Hoy & Associates
How To Help Progress the InfoSecurity Profession
Give Zen!
• If you have made it to the Boardroom/President’s Office,
• DO Surveys!!!!
• Share your story
• Mentor a Student Intern or Hire a New Grad
• Create a Succession Plan
• Always maintain absolute integrity
• Help your fellow InfoSecurity Professional/CISO to get there!
• Join IS organizations
• Support your staff
• Don’t take yourself too seriously!