RE: IT Manager to CISO

["David Gillett" <gillettdavid () fhda edu>]

   I've heard CISSPs faulted for not knowing the technical ins and outs of
every permission flag on platform XYZ -- which isn't what the cert is about,
and it's rarely part of a CISO's day-to-day responsibilities.  But "idiotic
blunders" isn't a characterization I've heard applied to that, so I'll
assume you have something else in mind, right?  Could you point me to a
couple of examples?

David Gillett

-----Original Message-----
From: ichib0d crane [mailto:themadichib0d () gmail com]
Sent: Thursday, April 28, 2011 08:40
To: security-basics () securityfocus com
Subject: Re: IT Manager to CISO

Well, people with CISSP often get a bad rap because they have a tendency of
making huge idiotic blunders but at least compared to
Security+ it's better. Security+ is a basic cert that pretty much says
you know not to open random email attachments, firewalls are good, wifi is
bad, ect. There are tons of info sec certs out there and they pretty much
are mainly good for your resume and thats it. Since you already got the job
certs are not all too relevant to you unless you start looking for a new job
explicitly in infosec. What I'd do if I were you is enumerate everything
you'll be in charge of and then get matching books. Know your network better
than anyone else and know precisely what your network demands security wise.
More importantly, don't be afraid to be pushy and become the 'bad guy' if it
means correcting a STUPID mistake.

On Wed, Apr 27, 2011 at 1:37 AM,  <olufemimogaji () gmail com> wrote:
> Hi all,
>
> I'm currently the de facto IT manager for a small IT services firm. The
nature of our business requires that we follow PCI standards as per logical
security. Here's the thing, the CISO is leaving next month, and I've been
told I'll be taking his position. I already have a lot of exposure to info
sec, I have a CCNP (the former version with ISCW) and a I'm an MCP (Active
Directory for WS 2008). What I need to know is what cert I should go out
there and get to make me more cemented in this new CISO role, at least to
keep the auditors happy, as they sometimes like to question your competence.
The outgoing CISO, even though he was trained by some of our partners, had
NO certs, and this exposed him to uncomfy questions from hard nosed
auditors. Security+ or CISSP exam? Or any others? Any form of guiding light
will be highly appreciated.
> Regards,
>
> Femi M.
>
>
>
>
> Sent from my BlackBerryR Smartphone
>
>
>
> Sent from my BlackBerryR Smartphone

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate.  We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------