Comments for My Information Security Job

Comment on 5 Scary Types of Security Professionals You Will Meet in Your Career by MD

MD — Wed, 04 Apr 2012 20:04:59 +0000

Good article Adriano,

As you indicated in article chances are you’ve met someone that posses all 5 mentioned qualities(personally i did) but yet to meet someone who posses both very deep hands-on experience mixed with theoretical ones-i think this is because security field is very large w/ so many domains. Maybe that comes with time on the job and some credentials(schools+certifications)…good reading though.

Comment on 5 Scary Types of Security Professionals You Will Meet in Your Career by Zman

Zman — Wed, 04 Apr 2012 12:41:41 +0000

I defintely agree with the findings, I have met a few, and even been a few of these during my Infosec career, but the author hits the nail on the head that infosec needs to be more “in-tune” with the bussiness needs, its not about saying “no” its about getting to “yes” and that is going to take compromise, and some risk management and threat modeling of your processes and proceedures. Then you can better present the issues at hand to the business and make it palitable in their eyes and then you will probably see your security posture improve.

Comment on 6 Reasons Why You Should NOT Work With Information Security by Pekae

Pekae — Wed, 04 Apr 2012 07:36:50 +0000

Only just caught up with this – great, humorous article Adriano. Having been in IT 35 years and InfoSec for 15 of them, it really rings true (with a grain of tongue-in-cheek).

All I can say to Cellus is, if he rarely works more than 40hrs a week, then he’s not living in the real world (or making an effort!), which sums up his whole reply.

Comment on 5 Scary Types of Security Professionals You Will Meet in Your Career by Ian Tibble

Ian Tibble — Wed, 04 Apr 2012 03:14:22 +0000

Good article, thanks.
Infosec as an established business practice is only about 15 to 20 years old and we’re still learning. I think most of us look for a sense of balance but none of us know where the balance point is, plus – lest we not forget, security is complex. With all this we can easily say that nobody’s perfect and we’re also not in a position to say “i’m better than him [or her]“…because there’s no reference point.
What criteria do we use to measure effectiveness as a security professional? CISSP? Ultimately we’re not in any position to pass judgment my friends.
One thing for sure though, if we’re sat on a project board and we’re asked to make a call on risk for something like a new app deployment, I would hope that we actually have seen a command shell prompt before and had some fairly major IT experience (this is related to at least one of the categories mentioned here).
Just my opinion – Analysts need to be tech-oriented to a heavy degree. It’s all about balance. We need some sense of business costs when we’re proposing safeguards, but hopefully our managers have a handle on that too. But as to how “tech” or how “businessey” we need to be…who can say?

Comment on 5 Scary Types of Security Professionals You Will Meet in Your Career by theman

theman — Tue, 03 Apr 2012 22:29:31 +0000

Obvious. I hope you got paid for writing this. Does it mean I can quit deciphering fw/router rocket science bug release notes and midnight reloads?

Looks like I can just spend 20 minutes a day writing Dilbert stories about dysfunction in the IT Sec workspace and have enough money left over to hot-wax my Benz.

Comment on 5 Scary Types of Security Professionals You Will Meet in Your Career by David D

David D — Tue, 03 Apr 2012 14:10:11 +0000

What all of these five types have in common is in being categoric and absolute in promoting data security. Besides being simplistic it’s also unprofessional. Whenever I’m asked about whether specific IT practices and behavior should be permitted I always say that a risk assessment is first in order to see if there’s a possible business justification. This can entail a lot of work and the lazy prefer working off a check list.

Comment on 5 Scary Types of Security Professionals You Will Meet in Your Career by Sitaram

Sitaram — Tue, 03 Apr 2012 13:55:34 +0000

Very interesting article. Nice to know.

Comment on Security Challenge #2 – PCI DSS by JJ

JJ — Tue, 03 Apr 2012 01:55:50 +0000

Wow, you broke into the bank where I work and stole one of our network diagrams. Y’all just hire the wrong type of QSA.

1. Install DLP on all desktops, servers and exit points. DLP fixes everything wrong with a flat network and unencrypted servers.

2. Install NAC on the non-data center switches to keep unauthorized sniffers off the network. Yes, apparently it is OK to have a malware-installed sniffer on one of our servers.

3. Pass GO and collect your RoC and bonus.

Comment on 5 Scary Types of Security Professionals You Will Meet in Your Career by notorious

notorious — Tue, 03 Apr 2012 01:45:05 +0000

I was expecting to read about 1337 hackers!

Comment on Immigrating to Australia as an Information Security Professional – part 4 – Finding a Job by Sandeep Saini

Sandeep Saini — Fri, 23 Mar 2012 07:21:11 +0000

Hi Adriano,

I appropriate the efforts you put in place to make people understand about the Information Security Job market in AUS.

I am very much impressed with all your articles & personally want to thank you for the same.

I really want to immigrate to AUS but fears due to the future unemployment.

Kindly guide me when I really need to start & where exactly.

Thanks & Regards,

Sandeep Saini