hosted by staffing security positions how to choose the right personnel jeffrey posluns, cisa,...
TRANSCRIPT
Hosted by
Staffing Security Positions
How To Choose The Right Personnel
Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC
SecuritySage Inc.
http://www.securitysage.com
Hosted by
Identifying Positions
Management• IT
• Security
• CSO / CIO
Technical• Implementation
• Administration
• Documentation
• Active vs. Passive
Security• Physical
• Monitoring
• Incident Response
• Communications
Hosted by
Understanding Skills
IT• System Installation
• System Administration
• Patch Systems
• Monitor System Logs
• Backup Systems
• Follow Security Rules
• Systems Documentation
Security• Security Configuration
• Security Administration
• Understand Patches
• Monitor Security Logs
• Ensure Backup Security
• Ensure Rules Are Followed
• Security Documentation
Hosted by
Understanding Skills (2)
Most IT & Security Personnel Have
Experience In Both Areas!
Determining Where A Particular Person
Can Best Fit In Can Be Difficult!
Hosted by
Certifications (Product)
MCSE (Microsoft Certified Systems Engineer)
• Microsoft - http://www.microsoft.com
• Specific Information About A Product
CCNA (Cisco Certified Networking Associate)
• Cisco - http://www.cisco.com
• Specific Information About A Series Of Products
CCSA (Check Point Certified Security Administrator)
• Checkpoint - http://www.checkpoint.com
• Specific Information About A Product
Hosted by
Certifications (Technical)
SANS GIAC• SANS - http://www.sans.org
• Specific Security Topic For Each Certification (There Are A Few)
SSCP (Systems Security Certified Practitioner)
• ISC2 - http://www.isc2.org
• Broad Range Of Security Topics (Similar To SANS GSEC)
Hosted by
Certifications (Management)
CISSP (Certified Information Systems Security Professional)
• ISC2 - http://www.isc2.org
• Broad Range Of Security Topics
CISM (Certified Information Security Manager)
• ISACA - http://www.isaca.org
• Security Management Specific
Hosted by
Certifications (Issues)
Learning To Pass A Test?vs.
Knowing & Understanding The Materials?
Someone With A Certification?vs.
Someone With Years Of Experience?
Hosted by
What You Want In A…
Security Technologist• Specific understanding of
multiple technologies
• Technical expertise
• Communication skills
(speaking and writing)
• Documentation skills
• Ability to work in a team
• The desire to improve one’s
self and learn more
Security Manager• Broad understanding of
multiple technologies
• Management techniques
• Communication skills
(speaking and writing)
• Documentation skills
• Ability to direct a team
• Ability to distinguish
between technical skills
Hosted by
Security Career Paths
Progression• System Administrator
• Security Administrator
• Security Manager
Certification• Product Certifications
• Technical Certifications
• Management Certifications
Why would someone NOT get a certification?•Attitude / “certifications just mean you can pass a test”
•Apathy / Lack of understanding of how it can benefit them
Hosted by
Evaluating A Resume (Beyond the norm)
Past jobs• IT specific with security functions
• Security specific job description
• Team leader or team member
• Communications skills
• Publications or papers written
Memberships & Affiliations• Affiliated with any public security forums?
• Contributions to open projects?
Hosted by
In The Interview
Communications Skills• Explain a concept to both a technical and a non-
technical person (simultaneously)
• Write a sample paragraph describing a security
issue (~200 words)
Your Thoughts• Will this person’s skills grow from technical to
management?
• Will this person want to move into management,
or will he/she be happy as a senior tech?
Hosted by
Summary
Skills and requirements
What is on paper vs. what’s in their head
Growing as an individual within the company
The resume vs. the person
Hosted by
QUESTIONS?
Thank you!
Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC
SecuritySage Inc.
http://www.securitysage.com