Cigital’s Agile Security Manifesto

I tend to operate in accordance with the four principles of Cigital's recent Agile Security Manifesto. NOTE: I cannot state whether I've employed Cigital professionally, but I have had interaction with them in my career. These principles align with security governance, education and scaling throughout an organization versus roles in security domains taking on…

Another Certification – CISSP

I passed my CISSP certification exam this week and submitted my supporting documentation to my endorser and the (isc)2 to complete the process. Many people study diligently to pass it, and this exam very effectively tested my comprehension of all domains of the Common Body of Knowledge (CBK) and the resultant implications of information security.…

SANS – Confusion in the Top How Many?

Enterprise Security or Secure Solution program? While discussing the SANS Top 20 Critical Controls a couple of weeks ago, I ran into some confusion with an infosec partner about the number of controls we were talking about. He referred to the Top 25, but I know from my training and certification that there are 20…

Professional Organizations – How to Connect & What They Offer

This podcast is for both seasoned information security professionals and those desiring a career in infosec, risk management or privacy. To that end, there are agencies that can be beneficial for those at the beginning of their careers or those who are interested in more peer and community engagement. There are various roles…

CSIP Looks Good

After reading through the CyberSecurity Strategy and Implementation Plan (CSIP), I was impressed with its scope and relatively clear terminology, acronyms notwithstanding, and how it outlined federal strategy. I expect the timelines to be challenging, though. Working in a multi-national, Fortune 500 company, I know that if you don't already have some information collected and…