Author Archives: Billy Boatright

#FirstMonday Day 1. Welcome.

“Entry Level: An individual who has yet to master general cybersecurity methodologies/principles. Individuals in this phase of the lifecycle may have job titles such as; associate cybersecurity analyst, associate network security analyst, and cybersecurity risk analyst for example.”

Congratulations, you finished school, got a couple certs under your belt, and made the leap into the ever-changing world of Cyber/Information Security.  Welcome to the world of Jr.-this and Associate-that.  Please, don’t get too hung up on job titles at this level.  They really only mean something to management.  The most important thing to do at this level is work and learn.  I like that ISSA International defines this as “An individual who has yet to master general cybersecurity methodologies/principles.”  This is spot on.  At this level of the CSCL (You all remember what that stands for, right?), you need to be a Jack (or Jill)-of-all-trades.

This is also the point in the CSCL that you will have the most wiggle room in terms of movement within an organization.  As you progress in your career, it will be increasingly more difficult to move laterally within an organization.  We will look into that in the coming months.  This is also the perfect time to create a network of contacts within the industry at all levels and throughout the world.  Chapter meetings and Industry conferences are the best way to do this.  Like I’ve shared before, I met the owner of the first company I worked for at a Local ISSA Chapter meeting.  We all work in the same industry, but we all have different jobs.  Take advantage of this vast pool of knowledge.

Finally, because you are just starting out, don’t get too enamored with “Rockstar” jobs in the industry.  I can give that advice, because I was guilty of it.  You can get those jobs, but remember this is Day 1.  There are dues to pay first.

Next month, we’ll bring you a real-life story of what the Entry Level looked like to one of our members.

https://www.issa.org/?page=CSCL

#FirstMonday Pre-Professional – Finding your Way

Apologies for being a week late.  The dog ate my cyber 🙂

Pre-Professional: any individual who has not yet (and never has) obtained a position working in the cybersecurity field. This may include anyone who has interest in working in this area with or without formal training and education in the field. Examples of individuals and or situations who may be part of this phase are: individuals who are switching careers (former military, IT, retail, law enforcement, etc.) and students (high school or university).

Last month, I told you a little of my story in the Pre-Professional level of the Cybersecurity Career Lifecycle (CSCL).  Take the time while at this level to be a sponge.  Learn as much as you can, from as many sources as you can.  Both ISSA International and your Local Chapter have numerous learning opportunities; take advantage of them.  A good one that ISSA International offers is the CSCL Pre-Professional Virtual Meet-Ups.  I’m now going to brag about my Chapter.

We offer an annual CISSP review course.  The CISSP is by no means a Pre-Professional certification.  However, just taking the course can lead you down your path.  I would like to call out our Chapter Leadership for finding great subject-matter experts to mentor the course.  Understanding the real-world application of each domain is invaluable.

Another great place to learn is from Chapter meetings.  I remember a meeting we had that didn’t really interest me, based on the topic.  Even after the meeting, the topic still wasn’t high on my list of things to learn about.  However, the speaker that day did a tremendous job of walking us through the process she used to determine the best solution for her workplace.  That was my great takeaway from the meeting.  One day, along my CSCL, I might be tasked with determining the best solution to a pressing need.  I’ll be glad that I will have had the experience of listening to the story of how she went about doing it.

To conclude, use this time to become a Jack (or Jill)-of-all-trades.  As you will read in the coming months, the more you progress through the CSCL, the more specialized your work will become.  Next month, we step up to the Entry Level.  See you there!

https://www.issa.org/?page=CSCL

#FirstMonday Pre-Professional

“Pre-Professional: any individual who has not yet (and never has) obtained a position working in the cybersecurity field. This may include anyone who has interest in working in this area with or without formal training and education in the field. Examples of individuals and or situations who may be part of this phase are: individuals who are switching careers (former military, IT, retail, law enforcement, etc.) and students (high school or university).”

I was there once.  And this stage can be very difficult.  I remember attending my first Defcon conference and just being blown away at how smart everyone was.  I thought, maybe information security wasn’t for me.  Then I was given some great advice by someone I met, “Stop comparing my behind-the-scenes to others’ highlight reels.”  This changed everything.  Realizing that no one was born with the knowledge, and that they all had to work and put in time really put me on the right path.

I fit into both of the last categories from the Pre-Professional definition; I was looking to switch careers and I was a student.  I was working as a bartender, but I decided to switch my major to Information Systems and begin studying for some of the entry-level certifications.  By the time I finished my bachelor’s, I already had 2 CompTIA certs under my belt.  This is when I found the Las Vegas ISSA Chapter.  It was time to find out which part of the cybersecurity field I was best suited for.  By attending meetings, I was exposed to different facets of the industry.  I finally found one sector that really interested me.  I was introduced to it by a Speaker at one of the meetings.  I eventually got my first job in the industry with his company.  It was a great experience.

In conclusion, just remember that whomever you look up to in the industry paid their dues and earned their stripes just like you are trying to do right now.  Don’t be discouraged, keep moving forward.  One day, you’ll have a highlight reel of your own.

https://www.issa.org/?page=CSCL

#FirstMonday CyberSecurity Career Lifecycle Levels

Welcome to our second installment of FirstMonday.  ISSA International has done a great job of creating levels within the CyberSecurity Career Lifecycle (CSCL) that are very easy to understand.  Below are the levels as explained by ISSA International:

Pre-Professional: any individual who has not yet (and never has) obtained a position working in the cybersecurity field. This may include anyone who has interest in working in this area with or without formal training and education in the field. Examples of individuals and or situations who may be part of this phase are: individuals who are switching careers (former military, IT, retail, law enforcement, etc.) and students (high school or university).

Entry Level: An individual who has yet to master general cybersecurity methodologies/principles. Individuals in this phase of the lifecycle may have job titles such as; associate cybersecurity analyst, associate network security analyst, and cybersecurity risk analyst for example.

Mid-Career: An individual who has mastered general security methodologies/principles and has determined their area of focus or specialty. Individuals in this phase of the lifecycle may have job titles such as; network security analyst, cybersecurity forensics analyst, application security engineer, network security engineer. Individuals who are nearing the “senior level”, may begin to hold job titles such as senior network security engineer, senior cybersecurity analyst for example.

Senior Level: An individual who has extensive experience in cybersecurity and has been in the profession for 10+ years. These individuals have job titles such as senior cybersecurity risk analysis, principal application security engineer, director of cybersecurity, etc.

Security Leader: An individual who has extensive security experience, ability to direct and integrate security into an organization. These individuals have job titles such as Chief Information Security Officer, Chief Cybersecurity Architect, etc. After extensive periods of leadership – some become recognized industry leaders.

Now, what does this mean to us in Las Vegas?  First off, Pre-Professional and Entry Level often overlap.  Many have gotten that first job while still in school.  Another thing to consider is the fact that a person may have to move to many different companies throughout their CSCL.  Once a person reaches a certain level, there are only so many C-suite jobs within any given company.  In addition, Cybersecurity is not a static world.  The people that work at each of these levels must continue to educate themselves.  This is where local chapters really help.  No matter what level you are at, you can always learn something.

Next month, we will dive into more of what a Pre-Professional looks like.  As we go into each of the levels, there will be more real-world examples of what that level actually looks like.  Thank you.

https://www.issa.org/?page=CSCL

#FirstMonday CyberSecurity Career Lifecycle Goals

This year we are going to dive into the CyberSecurity Career Lifecycle (CSCL).  This initiative was put forth by ISSA International a couple years ago.  Let’s start with the goals of ISSA International and then we’ll dive into how this can help our local membership grow in their own careers throughout the year.  First the goals of the CSCL:

  • International, standardized definitions and acceptance of cybersecurity roles
  • Reduced costs & issues associated with hiring for the wrong role vs. what is really needed by the business
  • Resources for companies that alleviate them from having to develop job descriptions and other materials
  • Understanding of the skills & knowledge necessary for success in cybersecurity jobs, as well as clear definitions of what responsibilities are necessary to meet expectations

The first goal is pretty standard.  Let us create cybersecurity roles that are accepted internationally and consistent.  A cybersecurity analyst in Chicago should be doing roughly the same job as an analyst in France.  This helps us all speak the same language.

If we can do this, we tackle the second goal.  By having standardized roles, we can reduce the time and effort it takes a company to hire the right people for the business needs.  Standardized roles also help us tackle the third goal.

Imagine a company is looking for a Security Auditor.  That company could essentially “copy/paste” the ISSA job description.  Then that company could just tweak the job description to fit its own needs based on what compliance policies it must follow.

Personally, I feel the fourth goal is the most important, and I really appreciate the language they used.  As a Pre-Professional (more on that in another post), I passed a number of certification tests.  I had the knowledge, but not the skills to be successful in a cybersecurity job.  As a chapter we need to help with both skills and knowledge.  Here in the Las Vegas Chapter we are tackling the knowledge part by offering a CISSP Review Course.  We have also been discussing a mentorship program that will give the participants the opportunity to learn the skills from a number of different people within the cybersecurity industry.

This is a quick overview of the goals of the CSCL.  Next month, we will dive into some of the jobs that are available in the cybersecurity field.  That will be fun because there are a bunch that I bet many of us hadn’t thought of before.

Resources:

https://www.issa.org/?page=CSCL

2015: A Look….Ahead

The end of the year is usually a time for reflection.  This year, we will use this time of year to look ahead.

The main thing we are going to concentrate on during 2016 is the Cyber Security Career Lifecycle (CSCL).  This initiative was put forth by ISSA International.  They divided the Lifecycle into five parts: Pre-Professional, Entry Level, Mid-Career, Senior, and Security Leader.  Each group is then given suggestions for things that they should be doing at that point in their careers.

The reason the Las Vegas ISSA Chapter wants to focus on this is because we have members and others that attend our meetings at each of these stages, and the only way to help others move through the different sectors is with the help of those in the higher sectors.

This coming year the first thing we will be offering is a CISSP Review Course, starting January 30th.  I recommend this course for anyone that might consider themselves Pre-Professional, Entry Level, or Mid-Career.  Usually, the Senior and Security Leaders are the mentors for the class.  Whether or not you are ready for the test, the knowledge is awesome.  On a personal note, the physical security stuff taught by Joe McDonald will blow your mind.

In addition to the CISSP Review Course, we will be having a #FirstMonday post that will dive into each of the five parts of the CSCL individually.  This will help our members and friends understand where they might be in their careers in cybersecurity.  The First Monday of each Month, we will take an in-depth look at each of the levels of the CSCL.

We also look forward to adding additional relevant content throughout the year.  For example, a monthly review of the ISSA International Journal.  This Journal often gets overlooked in our already cramped inboxes.  That means that it is the responsibility of the Chapter to let the members and friends of the Chapter know what is happening at the ISSA International level.