Professional Organizations – How to Connect & What They Offer

 

This podcast is for both seasoned information security professionals and those who desire a career in infosec, risk management or privacy. To that end, there are agencies that can be beneficial for those at the beginning of their careers or those who are interested in more peer and community engagement.

There are various roles in information security: Red Team, Blue Team, incident handlers, consultants and strategists, to name a few.

 

Professional Orgs

ISSA – Information Systems Security Association
https://www.issa.org/

ISSA is an older professional information security organization. Years ago this association spun off the (isc)2 as an education/certification organization. Given the relative value of obtaining certification versus being involved in the association, (isc)2 has surpassed ISSA membership.

I am Membership Director for my local ISSA chapter.


ISACA – Information Systems Audit & Control Association
https://www.isaca.org/

The professional association for audit and compliance professionals in the information/technology space.

This org also accredits:
e.g., CRISC, CISA, CISM

 

 

 

 

Accrediting Orgs

(isc)2 – International Information Systems Security Certification Consortium
https://isc.org/

The education/cert association fostered by ISSA.  I believe (isc)2 has surpassed ISSA in recognition within the infosec community based on professionals’ focus on certification.  (isc)2 publishes its information about infosec within its Common Body of Knowledge (CBK) documentation.

e.g., CISSP, CCFP, CSSLP, CCSP

 

SANS/GIAC – Global Information Accreditation Corp (?)
https://www.sans.org/  https://www.giac.org/

Certifies for numerous information security skill sets.

e.g., GSEC, GCIH, GCCC

I hold GCCC certification #242


EC Council –
https://eccouncil.org/

Education organization that certifies for Certified Ethical Hacker (CEH).

e.g., CEH, CHFI, EDRP

 

CompTIA –
https://www.comptia.org/

Training and certification organization.

e.g., Security+, Cloud+, Mobile+, Server+

 

Most of these accreditations require some time component working in a specific role or, as in the case of the CISSP, time-in-seat within two domains of the (isc)2’s CBK.