Security Basics mailing list archives
RE: IT Manager to CISO
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 28 Apr 2011 13:21:58 -0700
I've heard CISSPs faulted for not knowing the technical ins and outs of every permission flag on platform XYZ -- which isn't what the cert is about, and it's rarely part of a CISO's day-to-day responsibilities. But "idiotic blunders" isn't a characterization I've heard applied to that, so I'll assume you have something else in mind, right? Could you point me to a couple of examples?

David Gillett

-----Original Message-----
From: ichib0d crane [mailto:themadichib0d () gmail com]
Sent: Thursday, April 28, 2011 08:40
To: security-basics () securityfocus com
Subject: Re: IT Manager to CISO

Well, people with CISSP often get a bad rap because they have a tendency of making huge idiotic blunders but at least compared to Security+ it's better. Security+ is a basic cert that pretty much says you know not to open random email attachments, firewalls are good, wifi is bad, etc.

There are tons of info sec certs out there and they pretty much are mainly good for your resume and that's it. Since you already got the job, certs are not all too relevant to you unless you start looking for a new job explicitly in infosec.

What I'd do if I were you is enumerate everything you'll be in charge of and then get matching books. Know your network better than anyone else and know precisely what your network demands security-wise. More importantly, don't be afraid to be pushy and become the 'bad guy' if it means correcting a STUPID mistake.

On Wed, Apr 27, 2011 at 1:37 AM, <olufemimogaji () gmail com> wrote:
Hi all,

I'm currently the de facto IT manager for a small IT services firm. The nature of our business requires that we follow PCI standards as per logical security. Here's the thing, the CISO is leaving next month, and I've been told I'll be taking his position. I already have a lot of exposure to info sec, I have a CCNP (the former version with ISCW) and I'm an MCP (Active Directory for WS 2008).

What I need to know is what cert I should go out there and get to make me more cemented in this new CISO role, at least to keep the auditors happy, as they sometimes like to question your competence. The outgoing CISO, even though he was trained by some of our partners, had NO certs, and this exposed him to uncomfy questions from hard-nosed auditors. Security+ or CISSP exam? Or any others? Any form of guiding light will be highly appreciated.

Regards,
Femi M.
Sent from my BlackBerry® Smartphone