Hi All

Late in 2021, I officially became the Australia & New Zealand Architecture Profession Leader for IBM, having been and carrying on in 2022 I am involved in a DevOps engagement using Open Source Software and using a Minimum Viable Product (MVP) approach using the Agile Methodology for a client.

1)  My goal is to ensure that Security & Privacy by Design principles are firmly embedded during the engagement from end to end by actively communicating with the Developers, Architects, Project Manager and the client to ensure their objectives are met, but also doing so with some discipline to ensure good outcomes by using security principles as well as ensuring good solution design approach.   The rationale behind this, is that there is a tendency to focus on the Hypothesis, and Outcomes and drop the failures quickly and move on, but letting documentation lapse along the way.   This can only lead to disaster in the long run, unless security & privacy along with Architectural principles and good practices are enforced throughout the engagement.

Comment:  Just because it uses Agile methodology, and DevOps approach, does not mean one is exempt from documentation throughout the process, the Architects involved and organisations reputation, along with integrity and trust is paramount.   People have long memories.

2)  Introducing and starting organisations journey's towards Zero Trust security, focusing on a business first approach rather than a bottom up approach which tends to gravitate towards technology firsts, rather than People, Processes and then Technology.

3)  To keep on developing and learning by achieving certifications, and CPD's through self discipline i.e. set a goal of at 40-100 hours of self-development with distinctive goals.

Regards

Caute_Cautim

HI All

Here is an interesting perspective on careers, which may help a few make their minds up on what direction you plan to take in 2022.

https://www.fastcompany.com/90705269/i-passed-on-a-big-promotion-and-still-grew-my-career-this-is-wh...

Regards

Caute_Cautim

One topic that any professional should revisit on a monthly/quarterly/semi annual/annual basis (always do some training, education no matter how big or small the effort). 

CISSP has been a good cert to have throughout my career but I am looking at obtaining other certs (CISM / PMP), rebooting the LLC/small business, adding additional skills like penetration testing (not just vuln scanning), and developing "cyber" training course.  I imagine most people look at the next level/position in their career progression but there should also be other initiatives to increase a side income stream, develop a potential shift in the career with more reward, or obtain other knowledge. Highly recommend being a member on LinkedIn and networking as there is a lot of "free" training, career, and business information.

First, despite some progress in opportunities for women in cybersecurity, the 'cards are still stacked' against us. I have accumulated over 200 peer-reviewed papers that prove the status of females in male-dominated 'businesses' is much less than optimal, and much less than the 50% representation that SHOULD BE in all businesses in the USA.

My goal since 2009 has been to become a CISO, the goal is still to become a CISO. Yet, I have only just now been offered to become an entry-level manager.

Did you know that only a small percentage of fortune 500 CISOs even hold a CISSP? Watch Episode #26 at Cybersecurity Ventures, the Steve Morgan Interview with Dawn Cappelli, CISO and EVP at Rockwell Automation. That is where I found that fact.

thank you,

Dr. Jan Shuyler Buitron

Doctorate of Computer Science in Cybersecurity, minor in Management

Master of Science in Cybersecurity

CISSP, MCSE, ITIL v2, v3

Senior Cybersecurity Systems Engineer\Lead