Monday, August 13, 2012

Securing the C-Level - Michael Peters

I posted a review on but wanted to republish here.

After reading Securing the C Level, by Michael D. Peters, I found I could hardly put it down. This book is like a gold mine - like finding a little gold nugget after years of searching for some good advice, like having a private lunch with someone on that upper echelon and picking their brain about the ins and outs of how to get a job like that. Not only is it very insightful into the preparations needed to get to that level, but it also offers insight to anyone in a management position. Michael gives sage advice on navigating the cultural waters, how to spend your first 100 days for maximum benefit, how to groom your personal brand, and many other interesting and invaluable tidbits about achieving and maintaining that life at the top of the corporate ladder.

The parts of the book I found most interesting dealt with planning your career - Michael provides some awesome and creative tips to chart the waters of executive career planning - especially if your career benefits from the achievement of credentials. Michael also talks in-depth about life as a C-level executive, the sometimes-treacherous waters, and how to successfully navigate them. As an MBA and a JD, Michael's background and experience allow him to provide a wealth of practical and insightful advice, advice which anyone can and should be following if they want to follow in the footsteps of someone like Michael.

Highly recommended book for career planning - a very interesting and actionable read!

If you aren't familiar with Michael Peters, have a look at his background and his blog.  He's a monster!  He sailed through the BS, MBA and now eJD degrees - he's a CISO, a member of the ISSA Hall of Fame, and he's one of our Keynote Speakers at the 10th Annual Louisville Metro InfoSec Conference!

Wednesday, August 1, 2012

Hey Fellow

I was recently honored and humbled to be notified of my acceptance and appointment as an ISSA Fellow.  

The ISSA rewards a small number of members each year with the Fellow designation - the ISSA Fellow is someone who has at least 8 years of ISSA Membership with 3 of those years spent as leaders - Board members, officers or President.  An ISSA Fellow has also demonstrated at least 5 years of noteworthy performance as an Information Security professional.

Of the 137 international chapters and over 10,000 members worldwide, ISSA Fellows number about 35 - less than 1% of the member population.  

As an ISSA Fellow, I would like to continue to participate, not only at the local level, but nationally and internationally, with the ISSA.  As a Fellow I plan on further facilitating educational and networking opportunities for Information Security professionals through the ISSA, ISACA, Infragard, OWASP and other related organizations and activities.

The ISSA is a fantastic organization for Information Security professionals and the companies they serve.  This organization provides direct support for local chapters - the chapters are the key.  When you join an ISSA chapter, you will likely be able to attend planned meetings, where interesting and informative speakers provide an educational presentation.  You may also be able to attend conferences, like the ISSA Kentuckiana Chapter's annual "Louisville Metro InfoSec Conference".  The chapters facilitate educational and networking opportunities for their members.  

I can tell you, from over 8 years as a member of the ISSA, that my career would not be what it is today, without my membership AND participation in my chapter.  I have met so many amazing people, learned a great deal, and have been exposed to many opportunities - both job opportunities and leadership opportunities.  If you are able and willing, you will have the opportunity to shine by volunteering with your local ISSA Chapter.  I wholeheartedly recommend it.

So as a newly minted ISSA Fellow, let me stand up and cheer for the ISSA - it's one of the best investments and activities you can make in yourself and your career.

Mind Your Data

As I sit and ponder what else to write about, it dawns on me that we are living in a world of technology.  If we look around our life, we would be hard-pressed to find an area that isn't affected by technology.  Technology has become so interwoven into the fabric of our lives that we hardly notice it any longer.

Consider your house - you probably make sure your doors and windows are locked.  You might have installed an alarm system to alert if a burglary or fire is happening.  You may own a firearm with the purpose of protecting your family in the event of emergency.  You install fire detectors in each room, and you may own a dog for both companionship and for its deterrent value.

We also take similar precautions, if we're smart, outside of the home.  We generally lock our vehicle to prevent or deter theft.  We may have learned to keep our keys in our hands while we walk to the car, especially at night.  We are familiar with the fire exits at work, and we likely go through multiple security protocols throughout our day, from toll roads to access badges to locks on our desks.

The problem, I believe, is in the proliferation of technology in our lives.  We always have our cell phone on our belt, in our pocket or in a purse.  We might carry a laptop or tablet - we certainly have a PC at home and likely utilize one at work.  Our TV can now access the Internet, and even our fitness machines and refrigerators soon will be connected to the "Net".  This connectivity is very convenient but I think we have become unaware of the risks.

Any of these devices, connected to a network or the Internet, could present your personal information in ways you are not aware of.  Your credit card information, social security number, and a host of other interesting and useful bits of information could be seeping out the cracks in your technological collection.  There are many ways of helping to reduce the risk; however, most people aren't even aware of the risks, not to mention the ways of reducing that risk.

It is imperative that we, as technology consumers and users, become aware of just how much of our personal information we're sharing, how much we're letting leak out.  It's fine if you know about it and are fine with sharing it.  The real concern happens when you don't know.  The number of Information Security professionals, sites, and books available is vast - make sure you are taking advantage of these resources, learning just what the risks are, and taking the necessary steps to help minimize the risks to your personal information, finances, health records, and anything else you wouldn't want to share with the world.

You lock your door each night - make sure you have a lock on your data also.

In the beginning...

Welcome to my new blog.

My name is Randall and I'm an InfoSec guy.  I am a CISSP, an ISSA Fellow, and have been working in the InfoSec field for a decade now.  I've always been a security guy - I started in private security, became a deputy sheriff, then went into IT and eventually InfoSec.

I am interested in all things security - computer security, personal security, risk management.

With this blog, I will collect my thoughts, put down insights, talk about funny and not-so-funny things that happen in my world, and share all the information I can on securing your business and also securing your life. One day it might be how to set up a firewall and the next it might be how to set up your home to be more secure.

I will propagate this blog via the wonderful social networking sites out there - including LinkedIn, Twitter, and maybe, someday....  dare I say it....  Facebook...

Drop me a comment if you're so inclined.  Stay tuned and I'll try to keep it interesting and informative.