![Page 1: Hosted by Staffing Security Positions How To Choose The Right Personnel Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC jeff@posluns.com SecuritySage Inc](https://reader036.vdocuments.us/reader036/viewer/2022083008/56649ee55503460f94bf53f7/html5/thumbnails/1.jpg)
Hosted by
Staffing Security Positions
How To Choose The Right Personnel
Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC
SecuritySage Inc.
http://www.securitysage.com
Identifying Positions
Management
• IT
• Security
• CSO / CIO
Technical
• Implementation
• Administration
• Documentation
• Active vs. Passive
Security
• Physical
• Monitoring
• Incident Response
• Communications
Understanding Skills
IT
• System Installation
• System Administration
• Patch Systems
• Monitor System Logs
• Backup Systems
• Follow Security Rules
• Systems Documentation
Security
• Security Configuration
• Security Administration
• Understand Patches
• Monitor Security Logs
• Ensure Backup Security
• Ensure Rules Are Followed
• Security Documentation
Understanding Skills (2)
Most IT & Security Personnel Have Experience In Both Areas!
Determining Where A Particular Person Can Best Fit In Can Be Difficult!
Certifications (Product)
MCSE (Microsoft Certified Systems Engineer)
• Microsoft - http://www.microsoft.com
• Specific Information About A Product
CCNA (Cisco Certified Networking Associate)
• Cisco - http://www.cisco.com
• Specific Information About A Series Of Products
CCSA (Check Point Certified Security Administrator)
• Check Point - http://www.checkpoint.com
• Specific Information About A Product
Certifications (Technical)
SANS GIAC
• SANS - http://www.sans.org
• Specific Security Topic For Each Certification (There Are A Few)
SSCP (Systems Security Certified Practitioner)
• ISC2 - http://www.isc2.org
• Broad Range Of Security Topics (Similar To SANS GSEC)
Certifications (Management)
CISSP (Certified Information Systems Security Professional)
• ISC2 - http://www.isc2.org
• Broad Range Of Security Topics
CISM (Certified Information Security Manager)
• ISACA - http://www.isaca.org
• Security Management Specific
Certifications (Issues)
Learning To Pass A Test?
vs.
Knowing & Understanding The Materials?
Someone With A Certification?
vs.
Someone With Years Of Experience?
What You Want In A…
Security Technologist
• Specific understanding of multiple technologies
• Technical expertise
• Communication skills (speaking and writing)
• Documentation skills
• Ability to work in a team
• The desire to improve one’s self and learn more
Security Manager
• Broad understanding of multiple technologies
• Management techniques
• Communication skills (speaking and writing)
• Documentation skills
• Ability to direct a team
• Ability to distinguish between technical skills
Security Career Paths
Progression
• System Administrator
• Security Administrator
• Security Manager
Certification
• Product Certifications
• Technical Certifications
• Management Certifications
Why would someone NOT get a certification?
• Attitude / “certifications just mean you can pass a test”
• Apathy / Lack of understanding of how it can benefit them
Evaluating A Resume (Beyond the norm)
Past jobs
• IT specific with security functions
• Security specific job description
• Team leader or team member
• Communications skills
• Publications or papers written
Memberships & Affiliations
• Affiliated with any public security forums?
• Contributions to open projects?
In The Interview
Communications Skills
• Explain a concept to both a technical and a non-technical person (simultaneously)
• Write a sample paragraph describing a security issue (~200 words)
Your Thoughts
• Will this person’s skills grow from technical to management?
• Will this person want to move into management, or will he/she be happy as a senior tech?
Summary
Skills and requirements
What is on paper vs. what’s in their head
Growing as an individual within the company
The resume vs. the person
QUESTIONS?
Thank you!
Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC
SecuritySage Inc.
http://www.securitysage.com