I’d love to have this on my business card:
Luke Ahmed, CISSP
Information Security Officer
After reading page 14 of the new “Official (ISC)2 Guide to the CISSP CBK, Fourth Edition” however, I found that information security officers have a high pressure job!
What I learned from my Interview With An Information Security Officer, is that the security officer was not the enemy. He was actually trying to find out more details about the SOC in order to perform his job, which is to make sure the company is ready for their ISO 27001 audit.
This actually helps me in the long run because I’d be working at an ISO 27001 certified company, which would lead to garnering more customers, and which ultimately keeps my job secure.
It also helped me personally as I was madly studying for the CISSP exam, and this real world experience on Information Security Governance and Risk Management was priceless!
For an information security officer it’s no longer about just protecting the company with a firewall or the latest anti-virus update. They now include the following:
A very real threat in this century
State sponsored hacking campaigns
Just as real as terrorist attacks
Hackers are passing the secretary and going straight for the C-level excutives
More users are bringing in their own device to the corporate network
Whether accidental or with intent, insider threats are one of the biggest to a company
Domestic and international laws are created dynamically
A company must follow regulation in order to protect consumers, and themselves
Certifications such as ISO 27001, which can be crucial to a security business to thrive
Information security officers must create and manage incident response teams
Important to maintain proper chain of custody in case of a legal battle
In addition to all the responsibilities above, the information security officer must sure that all their responsibilities align with the goals, objectives, mission, and culture of the company.
But it’s not over even after that!
Security officers must THEN have to take all their responsibilities, make sure they align with the company, and tell the executive team of everything that is going on for further approval!
Basically, if you want to be an information security officer, you better:
Have a passion for security
Get along with others
Stand up for yourself, and not be a push-over depending on your situation
Stay current on all the latest threats and counter-measures
Think you’re ready for the job?