Threat Level: green Handler on Duty: John Bambenek

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2017-05-06 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

What Can You Learn On Your Own?

Published: 2017-05-06
Last Updated: 2017-05-07 00:22:52 UTC
by Russell Eubanks (Version: 1)
5 comment(s)
We are all privileged to work in the field of information security. We also carry the responsibility to keep current in our chosen profession. Regularly I hear from fellow colleagues who want to learn something, but do not have a training budget, feel powerless and sometimes give up. I would like to share several approaches that can be used to bridge this gap and will hopefully inspire a self-investment both this weekend and beyond. None of these ideas cost anything more than time.
 
I decided to borrow an idea from an informal mentor, something I generally give them credit for, but not always. I decided to wake up early each morning with the intent to learn something new every day. Maybe the something is a new tool, a new linux distribution or taking an online class. Having done this now for the last 7 years, I can say without hesitation or regret that it has been pivotal in making me a better me. I am convinced that applying just a little bit of incremental effort will serve you well as well.
 
Ideas to get you started:              
  • SANS Webcasts and in particular their Archive link                         
  • Serve as an informal mentor to a junior team member, while being open to learn from them 
  • Volunteer help out in a local information security group meeting
  • Read that book on your shelf that has a little more dust that you would like to admit
  • Subscribe to Adrian Crenshaw’s YouTube channel 
  • Be intentional by creating a weekly appointment with your team in order to learn something new over a brown bag lunch
  • Foster an environment that facilitates a culture of learning
 
After considering this topic for a long time, I want to ask this question - What are you doing to invest in yourself, particularly in ways that do not cost anything but your time? Please leave what works for you in our comments section below.
 
Russell Eubanks
Keywords: Lessons Learned
5 comment(s)

The story of the CFO and CEO...

Published: 2017-05-06
Last Updated: 2017-05-06 06:50:44 UTC
by Xavier Mertens (Version: 1)
4 comment(s)

I read an interesting article in a Belgian IT magazine[1]. Every year, they organise a big survey to collect feelings from people working in the IT field (not only security). It is very broad and covers their salary, work environments, expectations, etc. For infosec people, one of the key points was that people wanted to attend more trainings and conferences. The salary is not the key element. When I was visiting the Hack in the Box conference in Amsterdam a few weeks ago, there were flyers distributed to participate in an online survey about trainings & infosec[2].

When I twitted[3] about the Belgian article, the author of this survey contacted me and told me that the results of his survey demonstrated that 76% of participants are ready to search for a new position if they aren’t allowed to attend (enough) security conferences! This reminds me the joke of the CFO speaking to the CEO:

CFO: What happens if we train them and leave?
CEO: What happens if we don't and they stay? 

We are working in a field where things are changing at light speed. We must attend trainings, we must meet peers and share our experience! Have a nice weekend!

[1] http://www.datanews.be
[2] https://docs.google.com/forms/d/e/1FAIpQLSfnkJ_tqKyWWgNXG-PMXdWvigKR5j77bfN0mGOTxmj-RjORIw/viewform?c=0&w=1
[3] https://twitter.com/xme/status/856577692975628289

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant
PGP Key

4 comment(s)
Diary Archives