
Archive for the ‘Careers’ Category

2012 has been a very busy year for me, so far. Last winter I took and passed the ISACA Certified Information Security Manager (CISM) exam and in February, got a plane ride to Orlando to attend PCI-DSS Qualified Security Assessor (QSA) training from the PCI Security Standards Council.

I’m currently reading Christopher Hadnagy’s excellent book on social engineering; even if you weren’t in our profession, this book would be a fine resource because we all use social engineering to influence others. I wholeheartedly recommend his book and website at www.social-engineer.org!

Currently, most of my time is spent working to help merchants with their PCI-DSS compliance. I once thought I knew something about the PCI-DSS, but it’s like an iceberg: a LOT is under the surface. I’ve come to rely upon the outstanding Navigating the PCI DSS v2.0 document from the PCI Security Standards Council. It explains what the intent of each requirement is, which helps when you’re trying to translate it for a non-technical audience.

Recently, I decided to challenge myself in a different direction by volunteering to be the Communications Director for the ISACA Puget Sound Chapter. Being a member of a Board of Directors is a good thing, career-wise, and it’s nice to be involved in helping one of the professional organizations I belong to.

That’s it for now gentle readers!

Be well, and Be Happy.

Bill


Change is good.  Sometimes it can be painful and it may take a while to get some perspective and realize you’ve grown.  It’s all part of the process and I’ve learned to embrace or at least accept it.

What’s new?  I did a stint as an incident response handler earlier this year, then moved into SOX compliance and finally fell into a wormhole and emerged as an IT Security Auditor.  Not a stretch per se, but my information security talents have been stretched, in a good way, growth-wise.

So now I’m immersed in GLBA/FFIEC compliance engagements and have eyes on PCI-DSS and NERC-CIP work.  I’m thinking about adding another certification, possibly a CISM.

I’ve recently seen some friends in our industry brutalized by bad management, and then, upon abrupt exits, become reborn and renewed, with a new sense of purpose and drive infusing their love of infosec. In the past, many people helped me when I was ‘dazed and confused’; if you find yourself able, reach out to someone and ask them ‘what’s the good word?’ Shower them with positivity and possibility!

Always keep moving and remember, even when you go one step forward, two steps back, you’re still making progress…

image courtesy of Impact Lab

Peace y’all


January is a time of reflection and renewal, thinking about the past year and the present one.  We use this time to measure ourselves and set or renew goals, pointing our inner compass needles towards our own True North.

Looking back, 2010 was a successful year for me.  I didn’t get to do some things or attend all the conferences I wanted, but other items were handily accomplished and some good work got done!

Foremost, I partnered with IOActive, Consciere, and Insyndia to do consulting work. This led to interesting security audit, risk assessment and vulnerability assessment work, and I was fortunate to meet and work with some great people. Shout-outs to Erin Jacobs, Glenn Kaleta, David Baker, Tab Pierce, and Joel Scambray in particular!

I also earned my CISA, which gives me a stronger understanding of formally auditing information security environments. Now, I’m thinking of how to use this new-found knowledge and where I’ll go next.

What will 2011 bring? As I chart this year’s course, I intend to visit new shores, make new acquaintances, and continue to grow as a person and infosec professional. I welcome the journey and its challenges!

Be well friends…

by Bill Wildprett, Suspicious Minds blog, Copyright 2011


After waiting two months to the day following the Certified Information Systems Auditor (CISA) exam, I just learned that I PASSED!

Now I need to submit my Application for Certification to ISACA and wait another two months (so they say) for it to be approved before I can use my new certification title.

Reviewing my test scores by subject area told me that I did better in some areas and not as well in others. So, more studying is in order…

Oh Happy Day!  🙂

by Bill Wildprett, Suspicious Minds blog, Copyright 2010

Image courtesy of Pentax Salon


As information security professionals, a common refrain we hear is how difficult, but essential, it is to communicate the whys, hows, and whats of security to management, other business units, partners, vendors, customers, etc. Whether it’s meaningful security metrics or why compliance is just the beginning of the whole security process, better communication can yield better results.

Recently, I’ve had the pleasurable opportunity to learn more effective ways of communicating professionally.  I attended a series of seminars and workshops sponsored by Paul Anderson from ProLango Consulting.  Paul specializes in career development and training, with an emphasis on using LinkedIn & Twitter to find opportunities, résumé optimization and advanced interviewing techniques.

I learned about how people communicate via words (7%), tonality (38%) and physiology (55%), and the essential elements in building rapport with hiring managers, co-workers, spouses, etc. Generally speaking, people are primarily visual, auditory or kinesthetic when they talk; everyone is all three, but we all have a dominant type.

Visual people look up when speaking, speak faster and use phrases like “I see what you mean”. Auditory people look from side to side, speak slower and say things like “That sounds good to me”. Kinesthetic people look down and may make physical contact with you as they speak.

Paul’s experience as a hiring manager at Microsoft and Expedia and his consulting work reveal that, on average, recruiters take 7 seconds to review a résumé and hiring managers take 45 seconds to decide whether or not to hire.

His teachings focus on building rapport effectively by matching and mirroring body language and tone of voice, then asking key questions designed to illustrate expertise and elicit the ‘pain points’ of the other party, in an attempt to find their need(s) so you can link them to your experience/product/service. Finally, techniques to overcome objections while closing are taught.

Résumé optimization is about identifying the corporate values and desired employee traits mentioned in a job description, then fine-tuning the top half of the first page so it says concisely, in two to three sentences, how you’ll solve their needs and problems, rather than being an ‘elevator pitch’ of what you’ve done before. A bullet list of core competencies relevant to the position’s requirements follows, before the experience, education, and professional associations sections.

All of this was refreshing and enlightening; much of it is grounded in basic common sense and how good salespeople work. The concept behind building rapport is to become very quickly similar to the person you’re conversing with, so they think: ‘I like me, they’re like me, so I like them’.

It isn’t about simple mimicry; it’s about listening closely, asking good questions, and filling their need with your expertise and experience.

So, give this a try when you’re next trying to sell security, interview for a job, or persuade someone. Become like them in body language and vocal tone to build rapport; you may be pleasantly surprised by the results.

by Bill Wildprett, Suspicious Minds blog, Copyright 2010

Hawai’i

I’m happy to report that Suspicious Minds is now seen on the following blogs!

Not to be a social butterfly, but to quote Dan Schawbel, it’s ‘not who you know, but who knows you!’ It’s part of my personal branding strategy.

So, it helps keep me motivated to write blog entries.

Happy New Year, my friends! 🙂