1. Hosted by Staffing Security Positions How To Choose The Right Personnel Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC jeff@posluns.com SecuritySage Inc. http://www.securitysage.com

2. Hosted by Identifying Positions Management IT Security CSO / CIO Technical Implementation Administration Documentation Active vs. Passive Security Physical Monitoring Incident Response Communications

3. Hosted by Understanding Skills IT System Installation System Administration Patch Systems Monitor System Logs Backup Systems Follow Security Rules Systems Documentation Security Security Configuration Security Administration Understand Patches Monitor Security Logs Ensure Backup Security Ensure Rules Are Followed Security Documentation

4. Hosted by Understanding Skills (2) Most IT & Security Personnel Have Experience In Both Areas! Determining Where A Particular Person Can Best Fit In Can Be Difficult!

5. Hosted by Certifications ( Product ) MCSE ( Microsoft Certified Systems Engineer) Microsoft - http://www.microsoft.comhttp://www.microsoft.com Specific Information About A Product CCNA ( Cisco Certified Networking Associate ) Cisco - http://www.cisco.comhttp://www.cisco.com Specific Information About A Series Of Products CCSA ( Check Point Certified Security Administrator ) Checkpoint - http://www.checkpoint.comhttp://www.checkpoint.com Specific Information About A Product

6. Hosted by Certifications ( Technical ) SANS GIAC SANS - http://www.sans.orghttp://www.sans.org Specific Security Topic For Each Certification ( There Are A Few ) SSCP (Systems Security Certified Practitioner) ISC 2 - http://www.isc2.orghttp://www.isc2.org Broad Range Of Security Topics ( Similar To SANS GSEC )

7. Hosted by Certifications ( Management ) CISSP (Certified Information Systems Security Professional) ISC 2 - http://www.isc2.orghttp://www.isc2.org Broad Range Of Security Topics CISM (Certified Information Security Manager) ISACA - http://www.isaca.orghttp://www.isaca.org Security Management Specific

8. Hosted by Certifications ( Issues ) Learning To Pass A Test? vs. Knowing & Understanding The Materials? Someone With A Certification? vs. Someone With Years Of Experience?

9. Hosted by What You Want In A… Security Technologist Specific understanding of multiple technologies Technical expertise Communication skills (speaking and writing) Documentation skills Ability to work in a team The desire to improve one’s self and learn more Security Manager Broad understanding of multiple technologies Management techniques Communication skills (speaking and writing) Documentation skills Ability to direct a team Ability to distinguish between technical skills

10. Hosted by Security Career Paths Progression System Administrator Security Administrator Security Manager Certification Product Certifications Technical Certifications Management Certifications Why would someone NOT get a certification? Attitude / “certifications just mean you can pass a test” Apathy / Lack of understanding of how it can benefit them

11. Hosted by Evaluating A Resume ( Beyond the norm ) Past jobs IT specific with security functions Security specific job description Team leader or team member Communications skills Publications or papers written Memberships & Affiliations Affiliated with any public security forums? Contributions to open projects?

12. Hosted by In The Interview Communications Skills Explain a concept to both a technical and a non- technical person (simultaneously) Write a sample paragraph describing a security issue (~200 words) Your Thoughts Will this person’s skills grow from technical to management? Will this person want to move into management, or will he/she be happy as a senior tech?

13. Hosted by Summary Skills and requirements What is on paper vs. what’s in their head Growing as an individual within the company The resume vs. the person

14. Hosted by QUESTIONS? Thank you! Jeffrey Posluns, CISA, CISSP, SSCP, CCNP, GSEC jeff@posluns.com SecuritySage Inc. http://www.securitysage.com