The Path to Becoming a Security Professional
Andrea C. Hoy, CISSP, CISM
President, ISSA Orange County
CISO Executive Task Force
Chief Technology Officer, iQwest
www.securIT.us  www.iQwest.com
12 April 2006
EDUCAUSE, Marriott City Center, Denver, CO
My Background, or The Path I took to Become CISO for a Fortune 200 & 500
Playground rules still exist
“Verbal Judo”
Glass ceilings did exist! But glass breaks
What I Learned on the Job
Security Org Charts vary as much as 1st year students’ majors change!
Reporting Structures can Help or Hinder
Who you know not What you know – not always
Even Big Corporations Don’t Know what they Want, but They sure Know what they Don’t Want to Hear!
Where’s InfoSecurity?
(Org chart: the functions the CISO/Information Security Organization has been placed under)
CEO/President
Human Resources
Others
General Counsel/Legal
CIO/CTO
Corporate/Physical Security
CFO
CISO/Information Security Organization
* State of the CISO 2002/2003/2004/2005 - PWC
“Job Description” Please!? WANTED – Candidate must…
1. Info Security Policy & Procedures
2. DRP/BCP
3. Enterprise Program Management
4. Risk Management
5. Fraud/Investigations
6. Physical Security
7. Non-IT Risk Functions
8. Legal Liability – “Who gives the sample?”
9. Windows/Mac/Linux/Unix/Sun Solaris/AIX
10. CISSP/MCSE/Cisco/GIAC, etc.
The Perspective from Above
The CISO/CSO/CRO is a Strategic permanent position in the business.
  2004: 17%   2005: 58%
I.S. is a Business Enabler and Essential to our Business. It is no longer an Overhead Cost.
  2004: 25%   2005: 49%
What do the Troops look like on This Path? (Backgrounds)
EDUCATION – Higher Education

                     2003   Change   2004   Change   2005   CISO Forum 2006
Academic Degree        52     +4       56                         100%
JD                      1     +1        2     -1        1          0
MBA/Other Masters      14     +2       16     +3       19         12/4
PhD                     2      =        2      =        2          0

* 2003, 2004, 2005 data from CSO Magazine/PricewaterhouseCoopers – State of the CSO & CISO Exec Forum, ATL – March 2006
What do the Troops look like on This Path? (Backgrounds)
CERTIFICATIONS

                2003   Change   2004   Change   2005   CISO 2006
CISSPs            20     +10      30     +4       34      99%
CISAs              5      +5      10      =       10       7
CPPs               2      +7       9     +5       14       3
CISM             N/A     N/A     ???                      13

• Source: CISO Bootcamp, A. Hoy & Associates & State of the CISO 2003/2004/2005 - PWC
What do the Troops look like on This Path? (Backgrounds)
PREVIOUS OCCUPATIONS, from highest (most common) to lowest (least common):
IT/IS 63%
Physical Security
Military
Law Enforcement
Business Operations
Audit
Other
Legal
Staffing
How Many Information Security Professionals are Enough for Success?
(Chart: # of Full Time Info Security Employees, in bands of 10+, 5 to 9, 2 to 4, Only 1, and 0; shares shown are 11%, 23%, 11%, 31%, 24%)
* Slide from CISO Bootcamp – A. Hoy & Associates
How To Help Progress the InfoSecurity Profession
Give Zen!
• If you have made it to the Boardroom/President’s Office,
  – DO Surveys!!!!
  – Share your story
  – Mentor a Student Intern or Hire a New Grad
  – Create a Succession Plan
  – Always maintain absolute integrity
  – Help your fellow InfoSecurity Professional/CISO to get there!
  – Join IS organizations
  – Support your staff
  – Don’t take yourself too seriously!