The IT field is different. I would like to say it's like an iceberg, but global warming has threatened that particular analogy of a constantly dripping source of cold hard data and worldwide implications.
It is not enough to know networking concepts because you've dabbled in them in your bedroom for decades. Employers want you to know which protocols are currently in use, and they want them deployed their way. More to the point, even if you have climbed the holy mountain of the CISSP, they want you to understand the Risk Management Framework from a MANAGER's perspective. You can be the best student in the world, a dedicated worker bee, a drone, a fry cook. To be a manager in an IA effort, you are in effect playing manager alongside a CISO who knows their system best, and though many of them are completely even-keeled people who understand the necessity of the process and will do their best to speed it along, you never know when an ego might get tweaked.
The right person for the job of providing Information Assurance has to strike a balance of deferential leadership between themselves and the client, and understand how to manage and map all the data and documentation coming in.
Here it is, folks, straight from OWASP. Dig right in and think like a manager. I wish there were a way to practice this; if you think of one, let me know, or hope you are able to stick with a company that will gradually carry you through the process. Perhaps the attitude of thinking like a manager and understanding the RMF above all else is the only thing that will keep you above the stacks and stacks of policies and help you connect the dots all the way home.
If you think that's dated, I'll do you one better (heck, this is only for me anyway), directly from NIST.
