We all know that the Internet presents you with thousands of websites talking about the latest security threats, breakthroughs and technologies. However, it’s not easy task to find useful information about how to conduct our Information Security, Risk Management and Compliance careers to become better professionals. That’s the main reason why My Infosec Job was created: to be a reliable repository of information to govern your career through a successful path.
As such, your participation is paramount to enrich our knowledge,either by sharing your experiences and comments, or your perception of market trends and trenches.
Today I’m proud to bring you a new My Infosec Job section called “Be My Guest”, an open space for you to publish articles and share opinion with thousands of readers in more than 130 countries around the world, promoting a healthy discussion of your point of view and at the same time having a respectable site shining the spotlight on you. For more information on how to submit your article, please get in touch with us.
To open the Be My Guest section, we bring you an excellent reading by Denny Roger, an accomplished Infosec Professional from Brazil with several years of experience in the field (mere details about him at the bottom of the article).
Enjoy your reading, and don’t miss the chance to become one of our columnists!
-Adriano Dias Leite
The immortals and mortals of information security
By Denny Roger
Every day I receive emails requesting information about information security courses and certifications. My answers by email or during a lecture are always controversial, especially when I am speaking at some university. Let’s understand what really happens.
I was talking with two colleagues about how to get a good job. One of the issues discussed was how the interviewer can evaluate your knowledge. The issue came up because many professionals hold positions in the information security without having what it takes to perform the function. The fault is not of the professional who is performing the function, but the person who hired the “professional”.
The person who is recruiting do not have the knowledge necessary to evaluate the professional profile. This fact occurs all over the world. However, the employer evaluates the candidate’s knowledge through the indication and certifications.
First of all, the indication doesn’t work because the candidate can provide the contact of a friend or relative as a reference. It is obvious that the friend or relative will provide good references. This happens very often.
Second, the company requires you to have certain certifications. If you want to get a job or increase your salary, just studying and pass in some exams (for example, CISSP).
Third, many professionals are certified because the company paid the required certification. Some times, the employer required that the employee has a certification.
There are many cases where the professional is certified in a particular technology but works in another area. For example, one of our co-workers recently achieved CCIE certification. However, this professional works with Windows systems. In other words, has experience in one area but is certified in other. This co-worker only “sought” the certification because the company requested.
Pages: 1 2