Staffing Security Positions: How To Choose The Right Personnel
Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC
jeff@posluns.com
SecuritySage Inc. - http://www.securitysage.com
Identifying Positions
• Security
  • Physical
  • Monitoring
  • Incident Response
  • Communications
• Management
  • IT
  • Security
  • CSO / CIO
• Technical
  • Implementation
  • Administration
  • Documentation
• Active vs. Passive
Understanding Skills
• Security
  • Security Configuration
  • Security Administration
  • Understand Patches
  • Monitor Security Logs
  • Ensure Backup Security
  • Ensure Rules Are Followed
  • Security Documentation
• IT
  • System Installation
  • System Administration
  • Patch Systems
  • Monitor System Logs
  • Backup Systems
  • Follow Security Rules
  • Systems Documentation

Understanding Skills (2)
Most IT and security personnel have experience in both areas, so determining where a particular person can best fit in can be difficult.
Certifications (Product)
• MCSE (Microsoft Certified Systems Engineer)
  • Microsoft - http://www.microsoft.com
  • Specific information about a product
• CCNA (Cisco Certified Network Associate)
  • Cisco - http://www.cisco.com
  • Specific information about a series of products
• CCSA (Check Point Certified Security Administrator)
  • Check Point - http://www.checkpoint.com
  • Specific information about a product
Certifications (Technical)
• SANS GIAC
  • SANS - http://www.sans.org
  • A specific security topic for each certification (there are a few)
• SSCP (Systems Security Certified Practitioner)
  • ISC2 - http://www.isc2.org
  • Broad range of security topics (similar to SANS GSEC)
Certifications (Management)
• CISSP (Certified Information Systems Security Professional)
  • ISC2 - http://www.isc2.org
  • Broad range of security topics
• CISM (Certified Information Security Manager)
  • ISACA - http://www.isaca.org
  • Security management specific

Certifications (Issues)
• Learning to pass a test vs. knowing and understanding the material?
• Someone with a certification vs. someone with years of experience?
What You Want In A…
• Security Manager
  • Broad understanding of multiple technologies
  • Management techniques
  • Communication skills (speaking and writing)
  • Documentation skills
  • Ability to direct a team
  • Ability to distinguish between technical skills
• Security Technologist
  • Specific understanding of multiple technologies
  • Technical expertise
  • Communication skills (speaking and writing)
  • Documentation skills
  • Ability to work in a team
  • The desire to improve oneself and learn more
Security Career Paths
• Certification
  • Product certifications
  • Technical certifications
  • Management certifications
• Progression
  • System Administrator
  • Security Administrator
  • Security Manager
• Why would someone NOT get a certification?
  • Attitude / "certifications just mean you can pass a test"
  • Apathy / lack of understanding of how it can benefit them
Evaluating A Resume (Beyond the norm)
• Past jobs
  • IT specific with security functions
  • Security specific job description
  • Team leader or team member
• Communication skills
  • Publications or papers written
• Memberships & Affiliations
  • Affiliated with any public security forums?
  • Contributions to open projects?
In The Interview
• Communication skills
  • Explain a concept to both a technical and a non-technical person (simultaneously)
  • Write a sample paragraph describing a security issue (~200 words)
• Your thoughts
  • Will this person's skills grow from technical to management?
  • Will this person want to move into management, or will he/she be happy as a senior tech?

Summary
• Skills and requirements
• What is on paper vs. what's in their head
• Growing as an individual within the company
• The resume vs. the person
Questions? Thank you!