I recently got bitten by the networking virus. By now, the infection is in full swing.
I am a member of four real-world associations, including, amongst others, (ISC)² and ISACA. Of course these offer excellent networking opportunities, and so I am regularly invited to networking meetings. As a part of the community, how could I resist?
Then, I'm on a couple of more informal networks, like mailing lists and smaller circles of friends and colleagues. I've lost count a bit, because some of them stopped meeting and I was reluctant to formally join others, but I think there must be another four or so of them.
Read more
It sounds like a tempting idea: Put security tools online so everybody can use them without installing software.
Such as Virus Checking for documents (1, 2) or checking the quality of passwords (1, 2).
I for one am happy with my anti-virus software, so I will not upload confidential files or forward whole e-mails to check whether they are virus-infected. But maybe fear of viruses beats the need for confidentiality.
Read more
Kristian Köhntopp writes in his blog (original text in German, quoted and translated with permission):
(Translation begins)
Fun Passwords
Some entertaining fun password statistics from a client. Using a dictionary against the password file of the client's accounts results in a list of accounts with weak passwords, as follows:
Read more
It was in the news (and on Network World): CompTIA recently published a survey on the security skills of IT workers.
In an impressive list of numbers we learn that the gap between demand and supply is bigger in developing nations, and that, of course, hiring managers are planning to apply remedies, such as sending their IT and IT Security people to training measures and demanding certifications.
Read more
Max Weber, the renowned sociologist, described social closure as the tendency of groups to restrict entry to outsiders in order to maximize their own benefit.
Read more
ENISA, the European Network and Information Security Agency, just issued a paper on security certification:
Information Security Certifications - A Primer: Products, people, processes.
Read more
Information Week is running an article by Matthew Schwartz on whether one Should [...] Hire A Convicted Hacker. They quote the case of Kevin Mitnick and cite a tendency that, silently, people who have been convicted of computer crimes are being hired back into the industry.
I do not have any reason to doubt that Kevin Mitnick has been truly reformed, and neither do I wish that anyone should be denied a chance for a new start. However, this misses the point entirely.
Read more
Infoworld ran an article on "How great IT security leaders succeed". I said earlier that it's a question of attitude, and I find myself confirmed, time and again. But Infoworld also has this to say: "In fact, many CISOs who do have technical skills contend that the knowledge often leads to them getting tied down in too many operational decisions and projects [...]."
Read more
It's a well-known fact in traffic psychology that people react to new safety measures in a quite paradoxical way: They assume more risky behavior. In a nutshell, the introduction of helmets, safety belts and anti-lock braking systems (ABS) leads people to drive faster.
That's not to say that the overall risk isn't reduced per se, or that the effect would be the same for all people, but it's something that makes security measures less effective than they otherwise would be.
Read more
Actually, that's not what I meant. But let me start from the start.
Lifehacker is a productivity blog. They recently published an article titled "Prepare for a Layoff". What they're basically saying is that in times of possible recession it pays to have your Plan B ready, know the market, update your resume and maybe have some test interviews, you never know.
They only got one thing wrong: This isn't just for recession.
Even if you've been employed in the same job for twenty years and plan to stay for another twenty, you need to stay in the market.
Read more
CSO Magazine recently published an article by Jeff Snyder on "The Top Five Reasons CSO Candidates Don't Get Hired"
Rather surprisingly, the top of the list, according to the author, who heads a recruiting firm, are poorly written resumes, inadequate communication skills, lack of understanding of business needs, an inflated resume and a "lack of passion".
This doesn't read so differently from the top five reasons why someone wouldn't get hired as CEO, kindergarten teacher, car mechanic or just about any other job. Our faithful readers, of course, would be able to avoid the most basic mistakes.
Read more
Scientists at the University of Leeds recently published a report on risk perception ("Workplace autopilot threatens security risk perception"). Based upon a (relatively small) sample, researchers concluded that we as human beings are programmed in such a way that ignoring certain types of risks becomes a question of habit.
Read more
Right. I've been waiting to be able to write about this...
Leesa Fogarty was writing on Information Technology Security Link on "Marketing yourself as a luxury brand".
Nice metaphor. Very original thinking. Being a luxury item makes you feel valued, appreciated and in control. Luxury brands are used to yank other people's chains. They are a source of pride (on the one hand) and envy (on the other).
But is that true for the IT Security job market? I suggest taking a somewhat more modest approach:
Read more
A recruiter contacted me yesterday via LinkedIn. Strangely, the name of the sender didn't match the person who claimed to sign the e-mail. After some back and forth, I received the following e-mail (names abbreviated to protect the guilty):
My name is R.; I'm using C.'s account on LinkedIn to find candidates for the positions that are available in Europe.
Dear R.,
Thanks, but no. I already mentioned that I'm not interested in working with your company. Working with recruiters requires trust. Confusing identities does not serve to establish that. You even seem to have your own account, so I recommend you start using it.
Read more
A reader wrote the following letter (slightly edited to protect the guilty):
Read more
I think SC Magazine must have been the first to take notice... (ISC)² has published its reference guide for HR Professionals.
Now, it has been said for some time that some folks - inside and outside the HR departments - see certifications as just another tick in the box... be it as one of those unstated requirements in the job profile or as something that "gets you through the process".
Read more
Infosecurity Today is quoting SANS as saying that "Infosecurity professionals will see improved job opportunities in 2008" (...) "as senior executives in government realise that their systems have already been compromised, and that they do not control those systems, they will react by creating new jobs."
Read more
The new year has begun and everybody has had their go at crystal-balling on the new year.
Read more
Dr. Peter Berlich, CISSP-ISSMP, CISA, CISM, is the CEO of Birchtree Consulting, based in Switzerland, and is a member of the (ISC)² Board of Directors. He served as IT Security and Compliance Manager and Delivery Project Executive on several of IBM's largest strategic outsourcing accounts and was global Information Security Manager of the technology company ABB. He has an education in Physics and spent several years at the European Laboratory for Particle Physics, CERN. He is chairman of the German Informatics Society's section for Security Management and of the Advisory Editorial Board of UK-based Infosecurity Today.