The year 2017 was an eventful one in the security world. The news cycle was frequently dominated by terms like Shadow Brokers, WannaCry and EternalBlue; honestly, it seemed to be news stories based on movie plots. This would also be the year I officially received my CISSP certification in the mail from (ISC)2, and as a newly minted CISSP and Sr Information Security Consultant I was ready to leave behind the boring world of anti-virus protection and the never-ending Windows update cycle to take on the bad guys that keep showing up on the news.

Of course, I wasn’t being serious about that, but after the mind melt from studying for the CISSP exam it sure was a nice thought. The reality is that security is part of every layer, and it’s vital to consider how the defenses in place at each level work together to provide a total security program for an organization. The reality also is that there isn’t one guy in a cape saving the world; every employee in an organization, from top to bottom, has a role to play in information security.

In my day-to-day role in security consulting I hear from a lot of IT professionals who are paralyzed by the sheer magnitude of information security. Toss in some compliance acronyms (anyone thinking about GDPR yet?) and it is easy to see why this can be the case. Over the course of the next 10-12 weeks I’ll be exploring topics around information security in this blog. The goal is to help highlight good sources of security information, relevant current events, and hopefully some tactics that can help reduce security from a mountain into a group of molehills that can be easily ascended.