Educause Security Discussion mailing list archives

Re: Training advice


From: David Lundy <dlundy () PACIFIC EDU>
Date: Mon, 18 Jun 2007 13:48:19 -0700

Teresa:

      Having been in a similar situation myself, I believe the most
important thing is to start learning to think strategically.  I, too,
come from a background of server administration and have taught
networking.  But what I found is that security can be overwhelming, and
techies (like me) tend to focus on the trees and not the forest.

      I think a good starting point for an educationally oriented
broader overview is the Educause page:
https://wiki.internet2.edu/confluence/display/secguide/Effective+IT+Security+Practices+and+Solutions+Guide
and start thinking of risk, and
focusing efforts at protecting the systems according to their risk to
the organization.  The more limited your resources, the more you need to
focus those limited resources on the greatest risk.  That is
particularly true as I have experienced in a one person shop.

     The CISSP exam covers broad domains of security.  You should look
at those domains to see if there are areas you need to focus on
whether or not you are interested in the cert.  A good site for
information on CISSP topics and review is http://www.cccure.org/.

      Also, the SANS courses have been already recommended and are
excellent.   The education hosted sessions come at a substantial
discount.  But SANS needs a small number of volunteers to assist with
their training.  This brings a major discount as well if accepted as a
volunteer.  These tend to be technically focused and should be chosen
once you determine what is most at risk and what will help you mitigate
that risk.

      My experience in a one person shop is there is little time for
forensics.  Making sure that good policies are developed and user
training is in place is important.  The more good policies you have
concerning server hardening, business impact analysis of new
applications, desktop security, and the like, the less time you will
need to spend on them and the more you can spend on other areas of
security.  My recommendation is to start thinking of how to develop an
overall security plan and deemphasize specific technical training until
you have that plan.  Do you have procedures for handling DMCA notices?
Do you have PCI (credit card) security issues?  There are any number of
issues and they can't really be tackled until you have a plan.

      One of the things that helped me was getting involved with the
local chapter of ISSA.  The support I got from people who shared my
concerns, even if they did not understand the educational culture, was
great.  There is a chapter in Bentonville I understand.  You may be able
to build relationships with security people at colleges and universities
in Little Rock.

      I have been an acting IT security officer for a couple of years.
We just hired an IT security officer and I am getting a chance to be
more techie again.  I did not get the full position because I was not
able to focus sufficiently on the strategic issues while doing the
technical side.  Fortunately he is a great boss and is taking much of
the planning, regulatory and policy burden from me which is allowing me
to develop server standards and to pursue tools like tripwire, snort,
nessus, log analysis and a look at SIEM, possibilities which time hasn't
allowed.  I am getting back to being a techie.  But if your situation is
like mine was in a one person shop, you may have to do some non-techie
planning to make your techie hours effective.

      There are those of us who have "been there, done that".  That is
what this list is for.  Good luck!

 

Dave

 

------------------------------------------------

David Lundy

Assistant IT Security Officer

University of the Pacific

Stockton, CA 95211

Email: dlundy () pacific edu

Voice: 209-946-3951

Fax: 209-946-2898         

________________________________

From: Vanderbilt, Teresa [mailto:tvanderb () OZARKS EDU] 
Sent: Monday, June 18, 2007 12:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Training advice

 

I recently stepped into the title of Security Manager. We're a small
school and this is a new position for us. I'd only maintained the
servers, switches and firewalls before. I have no one to mentor me and
very little budget for training. I can spend approximately $3-5K on
formal training this year. I was thinking of a good online class so all
the money goes toward training rather than hotels and travel. Until now,
everything I've learned has been mostly on my own; although I recently
attended Penetration Testing Training. What other training, both formal
and informal, would benefit me and my school the most? I've been
thinking of CCNA and I would like to learn how to use Snort since it's
free. Will CCNA be beneficial or should I buy a good beginner's book on
Snort? Am I way off the mark for what I need to study? I need to get up
to speed quickly and can't afford to guess at what I need. Please help.

Thanks in advance, 
Teresa Vanderbilt 
University of the Ozarks 

 

