Teleseminar – Scott Blake on “Being a CISO”

November 30, 2006

The fourth episode of the Episteme IT/InfoSec Career Portfolio Teleseminar & Podcast Series will feature my good friend and former colleague Scott Blake of security research company Echelon One.

This episode is going to be all about getting to the top echelon (no pun intended) of the information security world: the ins and outs of the world of a Chief Information Security Officer. Scott is the former CISO of Liberty Mutual Insurance, where he was incredibly successful in building a security program based on a real understanding of risk and business-driven security. Before that, Scott and I share a similar background – he built one of the earliest security research teams at Bindview. That team (RAZOR, for those who don’t remember) was one of the most prolific out there, and its former members are some of the most brilliant security researchers around.

Scott is one of the best security executives I have had the pleasure of meeting in my career – he’s smart, intuitive about the security industry, and he understands what the business needs of the enterprise are when it comes to security. He also understands the way to build a security career from the bottom up – he can give a lot of insight into what CISOs want, what they’re like, how they think, and how to become one.

The teleseminar is going to take place at 1PM PST/4PM EST on Thursday, December 12th. Send an email to episteme_tele@aweber.com to sign up for the Mailing List and the call-in info.

If you have questions that you would like to see Lee and I discuss on the call, please leave them in the comments below.


Podcast – Integrated Thinking for IT

November 29, 2006

The first episode of the Episteme Career Portfolio Podcast Series is ready – this episode is a recording of the teleseminar with Linda Ferguson on Integrated Thinking for IT.

On the call, Linda and I talked about all sorts of interesting skills needed for an incredible IT career. We especially focused on the interplay between intention and attention, and the way that we can use purpose and focus to create results in code, in technology and with people. We also spent a significant amount of time focusing on what it means to be “good with people”, and how the skills involved allow an infosec and IT professional to develop their career more significantly.

Click here to download the latest episode.


Teleseminar – Lee Kushner on “Getting Hired, Getting Promoted and Building a Career”

November 29, 2006

After tomorrow’s teleseminar with TK, the next upcoming episode of the Episteme IT/InfoSec Career Portfolio Teleseminar & Podcast Series will feature my good friend and InfoSec recruiting guru Lee Kushner, president of LJ Kushner & Associates.

As an example of how to build brilliant networks, Lee and I first met in an elevator at BlackHat a couple of years ago – we’ll probably tell the story on the call, because it’s such an interesting piece of serendipity. And, since then, Lee has been one of the first people I talk to when making a career move – he’s one of the most astute observers of the trends going on in information security, and he really understands the way that sustainable and successful careers are built in this industry.

Because of that brilliant insight and the amount of time he spends with people who are building their careers, he really has a great understanding of the beliefs, knowledge and wisdom that make an information security pro a success, whether early in their career or as a security executive. And we’ll talk about all of those things on the call.

The teleseminar is going to take place at 1PM PST/4PM EST on Tuesday, December 5th. Send an email to episteme-tele@aweber.com to sign up for the Mailing List and the call-in info.

If you have questions that you would like to see Lee and I discuss on the call, please leave them in the comments below.


On Employee Morale (with a Guest Host)

November 27, 2006

I’ve spent a lot of time on here lately talking about careers, but one of the topics I originally wanted to spend time talking about here is the kind of management that can lead someone to want… no, actually, need…. no, beg and plead to come work for your company.

Well, my beautiful and brilliant wife beat me to it. So, today’s post is written by Melina Murray… take it away, Melina:


I was just talking to someone who had a pie competition at work. A real, major pie competition. The whole company either baked a pie or went to the tasting. And they had awards for the winners – First place, 2 tickets to SF (from Oregon).

That was just one of the things that this brilliant company sponsors/puts on throughout the year. They bring in bands during lunch time some days, they encourage different groups getting together (at work, during work hours) to have a drink and get to know each other, when they otherwise would not interact. For competition events, they give away anything from trips to iPods. These are all pieces that make this company a great place to work. Yes, this is a profitable, private company. But that shouldn’t matter.

In order to have a “great place to work”, the people, the employees have to WANT to come to work. They need to see 2 things: 1. that their work matters in the big picture, and 2. that they are valued and appreciated. So many companies do neither. It is honestly pathetic.

It really isn’t about the prizes, although trips and gadgets are nice. It is about fostering an environment that says: “Sure, you’ll have to work your butt off, but let’s have fun together”.

As a leader, do you really want your employees to come to work every day, waiting for the clock to hit 12 and then 5? When asked about their job, do you want your employees to say “it’s OK, it’s a paycheck“?

Or- do you want them to say: “XYZ is a pretty cool place to work. We do these amazing projects and have a fantastic team“? Or do you really want them to say: “I love my job. Working at XYZ is more fun than I ever imagined. Sure, we work hard, but we also have tons of fun“?

Think about the fact that this is marketing. It isn’t media marketing, but grassroots. If you were thinking of going with a product or service, what would you think of a company that has miserable, apathetic employees, versus one with enthusiastic employees? It can make a difference.

The kicker- it isn’t hard to do!! You don’t have to be profitable, you just need to put in a little effort. First and foremost, this mentality has to start with the CEO/President. The leader of the company has to want to espouse the environment. After that it trickles down through the executive management team and HR. If the leader of the company is not on board, any efforts will flop and fail.

Let me get back to HR for a moment. The role of a human resources professional at a company can be difficult. You have to be an advocate for the company and the employee. This can be difficult at times and requires a level head, complete confidentiality and honesty. Just because someone’s title says “HR”, does not mean that employees will feel open to talking. Relationships have to be grown and fostered. Sitting in an office all day, or staying within the same group only seeks to distance any potential relationship between HR and the other employees. Companies are changing from what they were 20 years ago. HR is not just about payroll, worker’s comp and benefits. It is about creating and enhancing the workplace environment to make it a place people want to come to.

And managers are as responsible for their employees’ happiness as the CEO and HR. A manager who plays favorites, is unavailable or confrontational is doomed to have a miserable team. Managers who promote team work (collaborating), who take steps to grow their people, who put on impromptu events for their team are very likely to succeed in having a motivated and excited team.

Back to my original rant. It is easy to have fun. It doesn’t require plane tickets or iPods, or amazon gift certificates, although those are nice perks. Contests are always a great way to bring people together. Prizes can be anything from a half day, to a full day off, a really cool award/plaque, a special parking space, small gift certificates, or anything else. Potlucks can be a great way to gather everyone. Some people love to cook, and most people love free food!

It requires saying- “Hey, I know you work hard, so let’s have a lunch so I can say ‘thanks’“. It can be as easy as having the CEO/President take one lunch (just one) a quarter that she/he spends at the office, talking with any and all employees. As inexpensive as 10 boxes of pizza in the conference room. A time where anyone from the receptionist to the mail room clerk to the QA manager can come in and chat. This says “I care, I see you, and I hear you“.

Think about how much it costs in time and lost productivity to replace someone, then ask yourself how much these events really cost the company. I’ll bet the answer is “not much”.


Greatness and Procrastination

November 25, 2006

We all love to procrastinate at times – nobody more than me. Sometimes it takes me a long time to get my momentum up and moving to make things really happen in my life.

Kent had a great post recently about getting going:

The world is moving too fast for perfect plans. Yes, you need to plan your project, proposal, business, meal – whatever – but at some point you need to execute the plan. You need to get out there and do something.

This reminded me of a brilliant quote that I heard recently from one of my favorite podcasters:

You don’t need to be great to start, but you need to start to be great.


Making the Room Work

November 24, 2006

On the heels of my recent interview with Business Networking Advice, Linda posts a great thought about networking:

We are entering the season of networking: it’s a perfect time to observe the difference between the people who are working the room and the people who are making the room work.

This is one of the best differentiators between most people out there who learn “networking” and really great networkers (like Tim Keanini) – they make things happen that serve people rather than looking for people to serve them. That’s what real networking is about.


SSSE Domain 5 – Software Engineering

November 23, 2006

A great security engineer doesn’t really need to BE a software engineer – they just need to know how one thinks, and the important concepts that a software engineer knows. The reason for this can be seen in almost all risk assessment and analysis – in order to understand the risk that a piece of software presents, the engineer needs to have a fundamental understanding of how it was designed.

For that reason, we focus on software engineering principles in this domain rather than on a specific language. The goal is to understand concepts like handling user input, the purpose of encapsulating functions, and how software is designed. This can allow the engineer to internalize the concepts of software design and implementation, so that they can ultimately intuit a back-end design from seeing the implementation (which is a trait that all brilliant reverse engineers and vulnerability researchers have).

That said, it is important that the engineer has spent some time coding – for that reason, study within this domain should include some time spent learning a programming language and becoming proficient in developing some sort of software (whether a 100-line script or a 10000-line application) – the value of actually doing something with software can’t be over-stated in learning these skills.

Required Text

Code Complete – I read this book first after my freshman year in computer science at the University of Toronto for summer reading, and it really moved me from understanding coding to understanding software – Steve McConnell takes you through all of the interesting and important concepts of developing good software, from design all the way to style. This one is a brilliant introduction to understanding what software really is.

Supplemental Texts

Software Engineering – The Pressmans have written the soup-to-nuts reference on software engineering here. This one’s worthwhile to have on your shelf, if only because the answer to just about any question that you’d want to ask lives in here.

Some text on coding in a language of your choice – I’m not going to recommend a text on coding here, because there are many good ones for each of the languages that you might pick. If you’d like some help with deciding on a language to learn, leave a comment or drop me an email.


Teleseminar – Tech Skills, Creativity and Networking with Tim Keanini

November 23, 2006

The second episode of the Episteme IT/InfoSec Career Portfolio Teleseminar & Podcast Series will feature my brilliant colleague and friend Tim Keanini (aka TK) of nCircle Network Security.

I first met TK when he joined nCircle in 2001, and I was immediately amazed by his ability to synthesize technology and manage people. While lots of people are good at one or both, TK manages to combine the two in a way that is beyond rare. As I got to know TK, I realized that he does three things better than almost anyone else I have ever met.

  • In moving up the corporate ladder, he has managed to stay an incredible technologist, as well as maintaining his passion for technology.
  • TK has an incredible ability to use “synthetic thinking” – he is as likely to pull a great technical idea out of a book on sociology or history as out of a technical book. He can use ideas from anywhere to start up his creative engine.
  • He has an incredible network of people around him – it’s impossible not to love TK, and so he makes friends wherever he goes. It has created a group of incredibly smart people around him who are available to help whenever he needs it.

These are skills that just about anybody could use more of – and, while there are lots of books out there that claim to teach them (especially the third one), TK’s a natural at it. So, I asked him to come on and talk with me about all of the cool things that he does and all of the thoughts that he has about how he does what he does.

The teleseminar is going to take place at 1PM PST/4PM EST on Tuesday, November 28. Click here to sign up for the Mailing List to get the call-in info.

If you have questions that you would like to see TK and I talk about, please leave them in the comments below.


The Social Imperative

November 23, 2006

Amrit had some great points the other day in his post that everybody’s quoting these days entitled Information Security Must Evolve. And he echoed some of the things that drove me to create the teleseminar series. From his article:

Security professionals must have a better understanding of the business they are hired to protect, must possess more soft skills such as communication and cooperation, and must evolve their skill against the dynamic threat environment and the evolving business infrastructure.

The importance of social and business skills can’t be underestimated – the reason that people like Amrit and Jim C are successful in their information security careers isn’t because of their brilliant technical skills. While they’re both technically competent, that’s not their real skill.

Their real skill is in understanding the changing currents in both business and in people, and understanding how to navigate those currents. Those are the skills that you really need to learn as you move through your infosec career.


The 2nd Order Job Description

November 22, 2006
