Archive for November, 2009

It’s a great time to be a security professional, always so much to keep learning and to do!  I’ve been working on personal and professional growth, looking for ways to define myself as a consultant and differentiate myself from the ‘Big Guys’.

I’m all about providing excellent customer service and really becoming a partner with my clients.  Part of the process is identifying who your target market(s) are and what they really need.  To this end, my friend and career mentor Mike Murray turned me on to an outstanding book ~ ‘Book Yourself Solid’ by Michael Port.  I haven’t finished reading all of it yet because it is a process-oriented work, with lots of exercises and a workbook.  I simply cannot say enough about how helpful this book (and the companion website) is; it’s all about what it truly means to be a service professional and strategies for romancing your potential clients into ongoing fruitful relationships.

It all just resonates so much with me ~ do what you said you’d do, listen first, ask lots of questions, act with integrity and purpose, provide stellar service, be helpful without any expectations.  Whether you’re in business for yourself, or an employee, the principles and guidance are the same.

Read this book!

Other than that, I’m studying CISA materials for the exam next June and am re-reading NIST SP-800-53 and SP-800-53A.

Be well people!

Bill


As I’ve said before, one of the main things I love about information security is the need to keep learning ~ the field keeps expanding, Big Bang-like, and it behooves one to stretch themselves out of their comfort zones and in new directions.

Friends of mine had been recommending I learn more about IT auditing, to gain a better perspective on how controls are applied, and why.  To that end, I took a three-day Certified Information Systems Auditor (CISA) training course from CertTest in early November.

Wow, that was pretty cool!  I learned a lot of new stuff and reviewed things like NIST SP-800-53 and ISO 27002 that I knew something about, but not in the same depth.  So, I’m now embarked on a study cruise towards the June 2010 CISA exam from ISACA.  Maybe I’ll work as an IT auditor, maybe not, but either way, I’ll know a lot more about the business side of the proverbial ‘house’ and its GRC drivers.

All this dovetails with my ongoing study of CobIT 4.1, NIST SP-800-53, and the ISO 27K series ~ I’m focused on becoming the best Governance, Risk Management & Compliance professional I can be!

If you have any helpful hints, suggestions, study advice, please ping me.

Shouts-out and props to Dave Cannon at CertTest for being an awesome and inspiring instructor!

And, I ate some Serious ‘Que at the Hard Eight in Irving, TX with my CertTest classmates…

Later friends!


https://suspiciousminds.wordpress.com/

 
