Posted by Chris Mark in Uncategorized.
Tags: Chris Mark, CIPP, CISSP, Consulting, cybersecurity, InfoSec, privacy, SANS
I have had a number of folks email me asking about becoming an InfoSec worker, so I am writing this post to (hopefully) help those who are interested. In 2001, I landed in InfoSec by pure luck and I have never looked back. It is an amazing field and a great career path. First, for some marketing. According to the InfoSec Institute, the average CISSP Salary in 2014 is over $100,000 per year. In 2013 there were 209,000 job postings for CyberSecurity Jobs and it is estimated that in 2015, there are 40,000 more jobs than people to take them. In short, it is a very high demand field.
InfoSec? CyberSecurity? Information Assurance? WHAT?
It is even confusing to me sometimes. At a high level, I use the term Information Assurance as it encompasses all of the elements of protecting data. This includes data security (protecting data), CyberSecurity (protecting the systems and infrastructure), Privacy (appropriate use of information), Compliance (ensuring your company complies with relevant regulations) and Risk Management (evaluating the security risk of your organization). While this short post does not allow for a more comprehensive overview, these are the generic ‘pillars’ that we consider.
What types of Jobs are Out There?
Posted by Chris Mark in cybersecurity.
Tags: CISA, CISSP, cybersecurity, data security, experts, information security, mark consulting group, qualifications, Social media
Last week I had an experience that left me chuckling and shaking my head at the same time. I had been approached by a company that had some infosec needs. According to the person with whom I spoke, they had found me on LinkedIn and wanted to talk. This company had recently settled with some regulators over some privacy and other regulatory practices and was looking to beef up its security and compliance. I spoke to one person for about an hour and a half and was asked to send more info. Later that week I received a call from the person with whom I had spoken and was informed that the company was looking for someone with INFORMATION SECURITY experience. I (likely not so politely) asked what they thought I did for a living. His response was that the company was looking for someone with a computer science degree. It was curious that they did not say an information assurance degree, or cybersecurity degree…or…list any certifications or skills…simply computer science. Well then…there you have it. Apparently, this company feels the only real qualification for ‘infosec’ is a computer science degree. Considering their previous issues, you would think they would have a better handle on info sec and their needs.
When looking for an infosec professional, understand that there are technical skills which are certainly important (encryption, configuring firewalls, devices, systems, app layer security, etc., etc., etc.). There are other aspects which are important, as well. Understanding the compliance mandates as well as the various regulatory requirements and regimes is critical in today’s world. While not specifically defined as ‘infosec’, an understanding of privacy issues (how data is used) is also important. While understanding technology is critical, being a skilled infosec professional is about more than simply understanding technology and about more than computer science. While I may not have been right for that particular engagement for other reasons, the company’s laser focus on a ‘computer science’ degree to the exclusion of the other aspects suggests this company may be focused on the wrong areas. Maybe they should question why they had issues to begin with.