Monday, January 31, 2011

Improve Your Information Security Resume



When you craft a resume to pursue an information security job, you are expected to list past responsibilities. The goal is usually to catch the attention of the recruiter or hiring manager and be invited for an interview. Describing your role in a way that helps your resume stand out is hard, but I have a suggestion for a way to tackle this challenge.


The most common mistake I’ve seen on resumes is the candidate merely listing the tasks he or she performed at an earlier job, such as:

•Wrote and maintained information security policies
•Supported the perimeter firewall, updating its rules when requested
•Managed anti-virus deployment for the enterprise

This isn’t all that bad… The task list allows the reader to understand what the candidate might be capable of. The problem is that this listing doesn’t stand out.

The solution? Make sure that every bullet point on your resume answers the question “So What?” That means including not only the text that describes what you were working on, but actually stating what you accomplished. The goal is to have the reader read your accomplishments and exclaim, “Wow! I want this person to do the same for me!”

Answering the implied “So What” question is hard. As you can see, the sample resume excerpt above doesn’t come even close to succeeding at this. The following listing is an improvement:

•Created and fine-tuned security policies, which allowed the organization to pass a regulatory audit. The documentation was succinct, making it easier for the employees to read it and follow its guidance.

•Managed the corporate firewall, improving the response time to implement changes by 50% over the course of the year. Optimized the existing rule set to decrease its length by 25%, making error-free maintenance easier.

•Centralized the management of endpoint anti-virus software, improving the time to respond to a malware infection by 70%. Wrote and deployed a script to validate that anti-virus software is installed on all workstations.

The text is a bit wordy and can use some tweaking. But the idea is that now the reader understands what benefits your tasks provided to your employer. Each bullet point provides an answer to the “So What?” question.

As you look at your current activities, consider whether you can point to any specific accomplishments. If you cannot, check whether there are other, more valuable tasks that you can focus on. Also, examine the extent to which the work you do contributes towards meeting your employer’s business goals.

Moreover, begin collecting metrics that not only provide your organization feedback regarding the effectiveness of its security program, but also help you collect the data you can use to illustrate your success on a resume

Tuesday, January 25, 2011

[Public Shadowserver] The Conficker Working Group Lessons Learned Document

The Conficker Working Group Lessons Learned Document


Starting in late 2008, and continuing through June of 2010, a coalition of security researchers worked to resist an Internet borne attack carried out by malicious software known as Conficker. This coalition became known as “The Conficker Working Group”,

and seemed to be successful in a number of ways, not the least of which was unprecedented cooperation between organizations and individuals around the world, in both the public and private sectors.

In 2009, The Department of Homeland Security funded a project to develop and produce a “Lessons Learned” document that could serve as a permanent record of the events surrounding the creation and operation of the working group so that it could be used as an exemplar upon which similar groups in the future could build. This is the document.

The Rendon Group conducted the research independently, and although a number of members of the Conficker Working Group were interviewed, and provided information to the authors, the report is the sole work product of the Rendon Group. The views and

conclusions are not necessarily those of the Conficker Working Group, or any of its official or unofficial members. Nonetheless the Core Committee of the Conficker Working Group believes the report has substantial value and is pleased to provide access to

the Rendon document via the Conficker Working Group Website
 
http://www.confickerworkinggroup.org/wiki/uploads/Conficker_Working_Group_Lessons_Learned_17_June_2010_final.pdf

Sunday, January 23, 2011

The 12 information security principles for information security practitioners


The 12 Principles


The 12 information security principles for information security practitioners are outlined under three main categories – support the business, defend the business, and promote responsible security behaviour – with an objective and detailed description for each principle: