No one is omniscient. We all have gaps we want to patch. How do the seasoned (and unseasoned? 😉) veterans handle knowledge gaps? Do you go over CBK topics? Read NIST Special Pubs till your eyes bleed? Meet young'uns for coffee (if under 21)?
There is a heckuva lot to know, especially as we "mature".
So what (generally speaking) are Infosec Achilles' heel(s) for which to be on guard?
Thanks, as always, for your considered opinions.
Read, read, read and read some more. I love to read. My GF is an attorney and RN; she claims she has never known anyone who loves to read as much as I do.
Books, industry magazines, & the web.
https://onlinedegrees.sandiego.edu/top-cyber-security-blogs-websites/
This is more than most can digest.
Podcasts along with reading. Start each morning with several news websites, even ones you may not like, and scour them for InfoSec/Cyber stories. You will want to be able to appear to be "in the know" if your executives ask you about a story they saw on a website. Read cyber websites. Listen to podcasts. Attend free webinars.
Here is an ISC2 Community post that lists podcasts we have compiled.
https://community.isc2.org/t5/Industry-News/Security-Podcasts/td-p/2567/page/4
The Achilles' heel is not knowing about recent topics. I once attended a presentation where the guy giving the presentation was talking about the Stuxnet "virus" to a room of seasoned cyber professionals. It became painfully obvious that he didn't know what he was talking about and had not done in-depth research on it. He kept calling it a virus and played it off as a trivial thing. People actually started walking out of his presentation. He was trying to stay relevant by bringing up a recent topic but had not done enough in-depth research to come off as knowledgeable. You want to be able to have some idea what an executive or even a co-worker is talking about and if it has made it to the "mainstream media", you will want to be able to speak about it, or at least admit when you don't know but will do more research on it.
@j_M007 wrote: No one is omniscient. We all have gaps we want to patch. How do the seasoned (and unseasoned? 😉) veterans handle knowledge gaps? Do you go over CBK topics? Read NIST Special Pubs till your eyes bleed? Meet young'uns for coffee (if under 21)?
There is a heckuva lot to know, especially as we "mature".
So what (generally speaking) are Infosec Achilles' heel(s) for which to be on guard?
Thanks, as always, for your considered opinions.
I follow @rslade on the (ISC)^2 Community. 😉
Seriously: Rob, thanks for aggregating interesting articles from around the web!
What I do is acknowledge my weaknesses and seek out others who will balance it as their strength. I am often looked upon by my coworkers as if I am omniscient, but it is the strength of my relationships and willingness of my professional network to share knowledge and insight that helps me achieve.
Sincerely,
Eric B.
Excellently Socratic, Eric. It reminds me of a saying I saw on someone's IM status...
"The more you know, the more you know, how little you know." 😉
Agree here. For many years now I have been saying that InfoSec changes every hour so it's nigh impossible to keep up but being a voracious reader certainly helps.
Remember back in the day when you could read Byte and Computerworld in paper and feel completely on top of the industry? Well, those days have well passed us any number of RSS/atom/Feedly/etc. feeds and products in general.
High pressure fire hose, today, thanks!
- beads
@Baechle wrote: I follow @rslade on the (ISC)^2 Community. 😉
Seriously: Rob, thanks for aggregating interesting articles from around the web!
Garsh, shucks [blush] [kicks dirt with toe of shoe]
As I have mentioned elsewhere, the RISKS-Forum Digest is definitely one of the great sources of keeping up to date with current dangers, and getting great pointers to detailed analysis as well.
Your US federal tax dollars at work used to bring us the DHS Daily Open Source Infrastructure Report. Except that, as of January of 2017 (gee, I wonder what happened then?) it doesn't.
But what you lot in the Unexplored Southern Area failed at, the humble Province of BC has done. You can either look up the Security News Digest on the archive, or send email to OCIOSecurity@gov.bc.ca asking them if they will put you on the mailing list.
Now this type of information is priceless, folks. I very much appreciate it.
I have made it a habit to pass on whatever tidbits (links, news, etc.) to my peers, and we also have an in-house weekly newsletter that I find a sobering (and sometimes gobsmacking!) read.
Your tips and suggestions are very helpful. Please keep the comments and suggestions coming.