
Archive for the ‘Personal Growth’ Category

2012 has been a very busy year for me, so far. Last winter I took and passed the ISACA Certified Information Security Manager (CISM) exam and in February, got a plane ride to Orlando to attend PCI-DSS Qualified Security Assessor (QSA) training from the PCI Security Standards Council.

I’m currently reading Christopher Hadnagy’s excellent book on social engineering; even if you weren’t in our profession, this book would be a fine resource because we all use social engineering to influence others. I wholeheartedly recommend his book and website at www.social-engineer.org!

Currently, most of my time is spent working to help merchants with their PCI-DSS compliance. I once thought I knew something about the PCI-DSS, but it’s like the iceberg, a LOT is under the surface. I’ve come to rely upon the outstanding Navigating the PCI DSS v2.0 document from the PCI Security Standards Council. It explains what the intent of the requirements is, which helps when you’re trying to translate this to a non-technical audience.

Recently, I decided to challenge myself in a different direction by volunteering to be the Communications Director for the ISACA Puget Sound Chapter. Being a member of a Board of Directors is a good thing, career-wise, and it’s nice to be involved in helping one of the professional organizations I belong to.

That’s it for now gentle readers!

Be well, and Be Happy.

Bill


Change is good.  Sometimes it can be painful and it may take a while to get some perspective and realize you’ve grown.  It’s all part of the process and I’ve learned to embrace or at least accept it.

What’s new?  I did a stint as an incident response handler earlier this year, then moved into SOX compliance and finally fell into a wormhole and emerged as an IT Security Auditor.  Not a stretch per se, but my information security talents have been stretched, in a good way, growth-wise.

So now I’m immersed in GLBA/FFIEC compliance engagements and have eyes on PCI-DSS and NERC-CIP work.  I’m thinking about adding another certification, possibly a CISM.

I’ve recently seen some friends in our industry brutalized by bad management, and then upon abrupt exits, become reborn and renewed, with a new sense of purpose and drive infusing their love of infosec.  In the past, many people helped me when I was ‘dazed and confused’; if you find yourself able, reach out to someone and ask them ‘what’s the good word?’  Shower them with positivity and possibility!

Always keep moving and remember, even when you go one step forward, two steps back, you’re still making progress…

image courtesy of Impact Lab

Peace y’all

 
