Separations of Duties - Page 3

Lamont29 · ‎07-02-2018

I see that the Department of Defense (DoD) has formally implemented the separation of duties between IT and Information Security. Now you’ll have to choose your track. I was blown away by this reality at a job interview. I was invited out to an interview for information security where we had a social night and were encouraged to bring additional resumes and visit other organizations within the company. I thought that it was only to my benefit to visit IT so long as I was there.

The hiring manager who received my resume was quite uninterested in me initially and he wanted to immediately pass me over to Security. I explained to this hiring manager that I did have IT experience. He began to ask me what he thought were very technical questions – all of which I not only answered, but where I could, I gave audit and security measures or solutions where appropriate. It’s my opinion that he was quite impressed since both of his areas were interested in offering me a job in IT. He was quite upset with the way that I wrote my resume “only to security” and not IT. However, IT is where I amassed all of my skills and lead to my current career in Information Security.

I guess it’s a sad chapter as I arrive to what I believe is the apex of my career. I honestly didn’t intend to come this far in Information Security, only to the detriment of my IT knowledge. I am from the old school of thought where they go hand-in-hand. However, it’s understandable why government contractors and the federal government would take this approach. Confidentiality of the "CIA" rules the day in government and federal contractors must comply.

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE

Lamont29 · ‎08-04-2018

I don't get into semantics. I think that if one has been around in cyber security and has accumulated a reasonable amount of experience, then the terminology should be very intuitive. Cybersecurity professionals should also be engaged enough to know in which direction the US federal government is headed with this initiative.

I have learned to just save my breath with some respondents. Picking wisely whom you converse with can save one a lot of stress.

Lamont Robertson
M.S., M.A., CISSP, CISM, CISA, CRISC, CDPSE, MCSE

rslade · ‎08-04-2018

> Lamont29 (Contributor II) posted a new reply in Career on 08-04-2018 02:30 PM in

> I don't get into semantics. I think that if one has been around in cyber
> security and has accumulated a reasonable amount of experience, then the
> terminology should be very intuitive.

"Don't get me started on intuitive. You know what's intuitive? Fear of heights.
Everything else we call intuitive took years of practice."
- Donald A. Norman in RISKS 22.02

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
He wrapped himself in quotations--as a beggar would enfold
himself in the purple of Emperors. - Rudyard Kipling
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

Baechle · ‎08-05-2018

This is important!

It’s one thing to nitpick over a spelling mistake (especially since I use my phone with occasionally hilarious substitutions by autocorrect). It’s another thing to use vague terminology.

I don’t mind someone getting their thoughts out and using incorrect or vague terminology. But then, I would make it a point of discussion before we move on.

I think previously, I made a point about using the term “Gateway,” which was used differently by network appliance folks and network-aware applications. It’s even worse for me having been in the military with acronyms. Even in context, I have problems trying to “decrypt” acronyms. Take for example SDR, or Software Defined Radio. Even in the context of talking about signals, my brain first goes to Surveillance Detection Route, and then to several other things having nothing to do with radios.

Language is the way we communicate ideas to others. It’s important that we communicate the ideas reliably. That often means agreeing to what terms mean, and possibly redefining them over time.