Since before my first certification in 1994 I have had a security mindset. I would pour through Novell Netware Security reports over lunch and take action on them after lunch. (There wasn't much change control in the 1990's on an isolated LAN) But every user needed a password and people that are no longer with the company need to be deleted.
Over the years I earned many more certifications and each time I grew in knowledge and capabilities.
Later, I worked on securing systems at a small bank. First on the business side and later on the Internet.
For all of those years, I kept security top of mind. Three years ago I accepted a job on the Security Team. It was a nice move considering how much we already work together.
I earned a CISSP 14 months ago. But the CISSP focused studying started about two years ago.
Benefit 1 - Thinking different about security (Changed perspective)
Within the first two months, I noticed that my point of view was shifting from "Get a firewall and configure it like this ..." to " You need a technical control that will do this function "x".
Benefit 2 - What are the next goals? (Keep reaching)
Life learner, I'm the poster adult.....Now I am listening to the following books:
The Goal <- done
The Dev Ops Handbook <- 20% done
The Phoenix Project <- In cue
Benefit 3 - Provide assistance where ever you can (Keep networking)
I am fully engaged in the local security community by going to the local chapter meetings of ICS2, getting elected to the board of directors at our local InfraGard, and elected to the local ISSA Chapter board of directors.
Benefit 4 - Volunteering (Pass it on)
Mentor once a week a local High School CyberPatriot team.
So keep learning and stay engaged!
Thanks for the excellent back story, Radioteacher. And thanks for demonstrating clearly that a CISSP designation follows a path. It's not usually the first step; it comes after thought and deliberation.
I have to say... @Radioteacher reading Novell reports sounds like a good time
I just wanted to chime in and echo the Cyberpatriots suggestion. Watching students compete is one of the hardest but at the same time rewarding thing I have done this season. I would highly recommend it to all of you if the schools in your area participate in this program. They will absolutely abosrb all of the knowledge you can pass on to them, and who knows some of them might end up interning or working with you later.
One thing I purposely look for on Intern and Applicant resumes is volunteer hours. Volunteering in CyberPatriot is a plus that elevates a resume.
At an event last week our City's CIO was speaking about helping the community and fostering learning. Later he asked for questions.
I asked two.
How many people work in IT for the city? 300+
How many of those employees volunteer one hour every two weeks in projects like Cyberpatriot? He asked if I was calling him out and I said, "Yes"
I have asked my vendors the same questions. If they are not volunteering to build the IT workforce for the future....I will find a vendor that will.
I am now listening to the following books:
The Goal <- done
The Dev Ops Handbook <- done
The Phoenix Project <- 50% done
At a minimum, everyone should read or listen to The Phoenix Project.
What are the four types of work?
Business Projects, IT Operations Projects, Changes, and Unplanned Work
Do you plan for unplanned work? Well, you should!
Great background story. I also offer free tutoring to students attending our local university when they reach out to me. It benefits the entire community when we remain involved to help future security professionals.