Tellers of tales and debunkers of myths. An organization needs both. You need someone who can “weave a yarn”, “tell a tale”, “paint a picture with words”, etc. But you also need someone who “lets” facts get in the way of those myths. Marketing and sales folks need to be tellers of tales. And this …
Category Archives: Being an InfoSec Professional
Reflections on certification, part 1
In his essay, “Disabling Professions”, Ivan Illich writes, “Let us first face the fact that the bodies of specialists that now dominate the creation, adjudication and implementation of needs are a new kind of cartel…. Professionals assert secret knowledge about human nature, knowledge only they have the right to dispense.” When he wrote the essay, certifications …
Reflections on certification part 1.5
Looking forward to December 8, 2012. I’m going to take the Certified Information Security Manager exam from ISACA (I’m already a CISSP and thought I’d expand the letters to the right of the comma after my name). I know COBIT pretty well and so I know what I expect from ISACA. In general, they structure …
SWAT Teams, Power Rangers and Nerds with an edge
As you work in the Information Security field, you realize you can classify your peers into three groups. I guess the title gives away what they are. But it is true. You have the mil-intel-nation-state-attack-vector types. They think of Information Security as an extension of warfare in virtual space. They are often very strong on …