topic Re: Information security Achilles' Heel? in Career Discussions

Information security Achilles' Heel?

j_M007 — Mon, 30 Jul 2018 20:42:29 GMT

No one is omniscient. We all have gaps we want to patch. How do the seasoned (and unseasoned? 😉 veterans handle knowledge gaps? Do you go over CBK topics. Read NIST Special Pubs till your eyes bleed? Meet young'uns for coffee (if under 21)?

There is a heckuva lot to know, especially as we "mature".

So what (generally speaking) are Infosec Achilles' heel(s) for which to be on guard?

Thanks, as always, for your considered opinions.

Re: Information security Achilles' Heel?

billclancy — Mon, 30 Jul 2018 20:58:22 GMT

Read, read, read and read some more. I love to read. My GF is an attorney and RN, she claims she has never known anyone who loves to read as much as I do.

Books, industry magazines, & the web.

https://onlinedegrees.sandiego.edu/top-cyber-security-blogs-websites/

This is more than most can digest

Re: Information security Achilles' Heel?

CISOScott — Tue, 31 Jul 2018 13:53:15 GMT

Podcasts along with reading. Start each morning with several news websites, even ones you may not like, and scour them for InfoSec/Cyber stories. You will want to be able to appear to be "in the know" if your executives ask you about a story they saw on a website. Read cyber websites. Listen to podcasts. Attend free webinars.

Here is an ISC2 Community post that lists podcasts we have compiled.

https://community.isc2.org/t5/Industry-News/Security-Podcasts/td-p/2567/page/4

The Achilles' heel is not knowing about recent topics. I once attended a presentation where the guy giving the presentation was talking about the Stuxnet "virus" to a room of seasoned cyber professionals. It became painfully obvious that he didn't know what he was talking about and had not done in-depth research on it. He kept calling it a virus and played it off as a trivial thing. People actually started walking out of his presentation. He was trying to stay relevant by bringing up a recent topic but had not done enough in-depth research to come off as knowledgeable. You want to be able to have some idea what an executive or even a co-worker is talking about and if it has made it to the "mainstream media", you will want to be able to speak about it, or at least admit when you don't know but will do more research on it.

Re: Information security Achilles' Heel?

Baechle — Tue, 31 Jul 2018 14:38:42 GMT

@j_M007 wrote:
No one is omniscient. We all have gaps we want to patch. How do the seasoned (and unseasoned? 😉 veterans handle knowledge gaps? Do you go over CBK topics. Read NIST Special Pubs till your eyes bleed? Meet young'uns for coffee (if under 21)?

There is a heckuva lot to know, especially as we "mature".

So what (generally speaking) are Infosec Achilles' heel(s) for which to be on guard?

Thanks, as always, for your considered opinions.

I follow @rslade on the (ISC)^2 Community. 😉

Seriously: Rob, thanks for aggregating interesting articles from around the web!

What I do is acknowledge my weaknesses and seek out others who will balance it as their strength. I am often looked upon by my coworkers as if I am omniscient, but it is the strength of my relationships and willingness of my professional network to share knowledge and insight that helps me achieve.

Sincerely,

Eric B.

Re: Information security Achilles' Heel?

j_M007 — Tue, 31 Jul 2018 14:43:16 GMT

Excellently Socratic, Eric. It reminds me of a saying i saw on someone's IM status...

"The more you know, the more you know, how little you know." 😉

Re: Information security Achilles' Heel?

Beads — Tue, 31 Jul 2018 18:29:46 GMT

Agree here. For many years now I have been saying that InfoSec changes every hour so its nigh impossible to keep up but being a voracious reader certainly helps.

Remember back in the day when you could read Byte and Computerworld in paper and feel completely on top of the industry? Well those days have well past us any number of RSS/atom/Feedly/etc. feeds and products in general.

High pressure fire hose, today, thanks!

- beads

Re: Information security Achilles' Heel ? ((ISC)Â² Community Subscription Update)

rslade — Tue, 31 Jul 2018 19:33:13 GMT

> Beads (Contributor I) posted a new reply in Career on 07-31-2018 02:29 PM in the

> Remember back in the day when you could read Byte and Computerworld in
> paper and feel completely on top of the industry?

I strongly suspect we only *thought* we were on top of the industry ...

At one time (and many years ago, at that) I was spending 80 hours a week on
research, and I *know* I was not completely keeping up ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
More computing sins are committed in the name of efficiency than
for any other single reason--including blind stupidity.
- William A. Wulf
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

Re: Information security Achilles' Heel?

rslade — Sat, 08 Dec 2018 19:45:31 GMT

@Baechle wrote:
I follow @rslade on the (ISC)^2 Community. 😉
Seriously: Rob, thanks for aggregating interesting articles from around the web!

Garsh, shucks [blush] [kicks dirt with toe of shoe]

As I have mentioned elsewhere, the RISKS-Forum Digest is definitely one of the great sources of keeping up to date with current dangers, and getting great pointers to detailed analysis as well.

Your US federal tax dollars at work used to bring us the DHS Daily Open Source Infrastructure Report. Except that, as of January of 2017 (gee, I wonder what happened then?) it doesn't.

But what you lot in the Unexplored Southern Area failed at, the humble Province of BC has done. You can either look up the Security News Digest on the archive, or send email to OCIOSecurity@gov.bc.ca asking them if they will put you on the mailing list.

Re: Information security Achilles' Heel?

j_M007 — Tue, 31 Jul 2018 22:42:05 GMT

Now this type of information is priceless, folks. I very much appreciate it.

I have made it a habit to pass on whatever tidbits (links, news, etc.) to my peers ,and we also have an in house weekly newsletter that I find a sobering (and sometimes gobsmacking!) read.

Your tips and suggestions are very helpful. Please keep the comments and suggestions coming.