CISSP For Dummies. Peter H. Gregory
Читать онлайн книгу.
your company, your profession, your region, and far beyond.
Chances are that you aren’t new to LinkedIn, so we’ll skip the basics here. People in the infosec business are a bit particular, however, and that’s what we want to discuss. Infosec professionals tend to be skeptical. After all, we’re paid to be paranoid, as we sometimes say, because the bad guys (and gals) are out to get us. This skepticism relates to LinkedIn in this way: Most of us are wary of making connections with people we don’t know. So as you begin to network with other infosec professionals on LinkedIn, tread lightly, and proceed slowly. It’s best to start making connections with people you actually know and people you’ve actually met. If you make connection requests with infosec people you haven’t met, there’s a pretty good chance that they’ll ignore you or decline the request. They’re not being rude; they’re just aware of the fact that many scammers out there will build fake connections in the hope of earning your trust and pulling some kind of ruse later.
Similarly, if you’ve been one of those open networkers in the past, don’t be surprised if others are a bit reluctant to connect with you, even those you’ve met. As you transition into an infosec career, you’ll find that the rules are a bit different.
Bottom line: LinkedIn can be fantastic for networking and learning, but do know that infosec professionals march to the beat of a different drummer.
If you’re just getting started in your infosec career (regardless of your age or other career experience), you’ll likely meet other infosec professionals that have at some point in their careers been in your shoes, who will be happy to help you find answers and solutions to some of those elusive questions and challenges that may be perplexing you. You may find that you’re initially doing more taking than giving, but make sure that you’re at least showing your appreciation and gratitude for their help — and remember to give back later in your career when someone new to infosec asks to pick your brain for some helpful insight.
As you venture out in search of other infosec professionals, put your smile on, and bring plenty of business cards. (Print your own if your employer doesn’t provide any.) You’re sure to make new friends and experience growth in the security business that may delight you.
Being an Active (ISC)2 Member
Being an active (ISC)2 member is easy! Besides volunteering (see the following section), you can participate in several other activities, including the following:
Attend the (ISC)2 Congress. For years, (ISC)2 rode the coattails of ASIS (formerly the American Society for Industrial Security; we blame Kentucky Fried Chicken for becoming KFC and starting the trend of businesses and organizations dropping the original meaning behind their acronyms!) and occupied a corner of the ASIS annual conference. But in 2016, (ISC)2 decided that it was time to strike out on its own and run its own conference. In 2017, one of your authors (first name starts with P) attended and spoke at the very first stand-alone (ISC)2 Congress and found it to be a first-class affair every bit as good as those other great national and global conferences. Find out about the next (ISC)2 Congress at https://congress.isc2.org.
Vote in (ISC)2 elections. Every year, one-third of the (ISC)2 board of directors is elected to serve three-year terms. As a CISSP in good standing, you’ve earned the right to vote in the (ISC)2 elections. Exercise that right! The best part is becoming familiar with other CISSPs who run for board positions so you can select those who will best advance the (ISC)2 mission. You can read the candidates’ biographies and understand the agendas they’ll pursue if elected. With your vote, you’re doing your part to ensure that the future of (ISC)2 rests in good hands with directors who can provide capable leadership and vision.
Attend (ISC)2 events. (ISC)2 conducts several in-person and virtual events each year, from networking receptions to conferences and educational events. (ISC)2 often holds gatherings at larger industry conferences such as RSA and BlackHat. Check the (ISC)2 website regularly to find out more about virtual events and live events in your area.
Join an (ISC)2 chapter. (ISC)2 has more than 150 chapters in more than 50 countries. You can find out more at www.isc2.org/chapters. You have many great opportunities to get involved in local chapters, including chapter leadership, chapter activities, and community outreach projects. Chapter events are also great opportunities to meet other infosec professionals.
Partake in free training. (ISC)2 offers lab-style courses, immersive courses, and express training at the Professional Development Institute that can help expand your horizons. Find out more at www.isc2.org/Development.
Enjoy exclusive resources and discounts. (ISC)2 membership has many perks in the form of discounts and access to exclusive content and services. Find out more at www.isc2.org/Member-Resources/Exclusive-Benefits.
Wear your digital badge proudly. You can set up your digital badges and use them on LinkedIn, business cards, blogs, and elsewhere. Best of all – they’re free. Learn more at https://credly.com.
Considering (ISC)2 Volunteer Opportunities
(ISC)2 is much more than a certifying organization: It’s also a cause, and you might even say it’s a movement. It’s security professionals’ raison d’être, the reason we exist — professionally, anyway. As one of us, consider throwing your weight into the cause.
Volunteers have made (ISC)2 what it is today, and they make valuable contributions toward your certification. You can’t stand on the sidelines and watch others do the work. Use your talents to help those who’ll come after you. You can help in many ways. For information about volunteering, see the (ISC)2 Volunteering website (www.isc2.org/Membership/Volunteer-Grow).
Writing certification exam questions
The state of technology, laws, standards, and practices within the CISSP Common Body of Knowledge (CBK) is continually changing and advancing. To be effective and relevant, CISSP exams need to have fresh new exam questions that reflect how security is done today. Therefore, people working in the industry — such as you — need to write new questions. If you’re interested in being a question writer, visit the (ISC)2 website to apply.
Speaking at events
(ISC)2 now holds more security-related events worldwide than it has at any other time in its history. More often than not, (ISC)2 speakers are local volunteers — experts in their professions who want to share with others what they know. If you have an area of expertise or a unique perspective on CISSP-related issues, consider educating others via a speaking engagement.