Check out my FREE courses at: https://securitycompliance.thinkific.com
In this video we read some of your questions about getting IT Security Jobs.
“I have a B.A. in Telecommunications, would this work for this career field?” See the answer at 00:00:45.
“Hey Bruce, I got my Security+ and CAP. What do you suggest on how to get into the risk management/security auditing field when someone doesn’t have any experience? I do have 7 years' experience in desktop support and data center monitoring, just want to try a different field but not sure how to go about this.”
answer at 00:02:53
“What training is needed to get into the security field? I have a BS in information security and am working on an MS in Cybersecurity and working on getting my CEH cert. What are ways that I can get into the security field, as I don’t have any security experience and most job postings are wanting at least 4 to 5 years of experience?”
answer at 00:06:26
STIG Update – HBSS ePO 5.x STIG Version 1, Release 15
DISA has released the HBSS ePO 5.x STIG Version 1, Release 15. The requirements of the STIG become effective immediately. https://iase.disa.mil/stigs/hbss/Pages/index.aspx
For all STIG related questions, please contact the DISA STIG Customer Support Desk: email@example.com
I get people contacting me every week about jobs all around the US! Today, I am going to show you a couple that I received recently. I hope that it will give you some idea of what employers and contracts look for in security compliance professionals.
What is the Payment Card Industry Data Security Standard (PCI DSS)?
I got the chance to talk to a Payment Card Industry (PCI) professional. James is in the PCI IT industry and tells about it from inside the field. It is a great opportunity to learn about this growing career path.
We talked about how the PCI security standard compares to the Risk Management Framework.
Here are some of the resources we talked about:
Enroll to learn MORE on security compliance:
The Source Code Management (SCM) & DevOps team (Infrastructure Team) manages the entire continuous integration, continuous development chain process of a global engineering conglomerate.
The application is developed using Microsoft technology (C#, C++, WPF, MVVM and custom controls) on the Windows-7 platform. The backbone of the entire SCM is Microsoft TFS, while the packaging strategy utilizes MSI and WIX. The current build management is driven by customized XAML with PowerShell usage. Now the plans are to move to VNEXT, which provides flexibility as an orchestrator and allows better reporting, triggering and logging facilities.
The goal of this team is to make the entire infrastructure compliant with the DIACAP (DoD Information Assurance Certification and Accreditation Process).
Expectations – The team is looking for engineers who can augment the current team and support the following tasks:
This means the identified engineer needs experience in DIACAP process (not knowledge) on how the system could be transformed to be DIACAP compliant system.
• Experienced in the Security Technical Implementation Guide (STIG) that provides security guidance for .NET deployments in workstations or servers and focuses on the secure configuration of the .NET Common Language Runtime (CLR).
• Identify loopholes and open items in the IIS 7.0 Web Server to ensure that IIS 7.0 becomes STIG compliant, so that related request handling and filtering are done in a controlled manner and encryption is applied for protocols or data exchange for HTTP, FTP or telnet, and more such tasks.
• Ensuring the basic need of the McAfee VirusScan 8.8 Managed Client STIG, which highly suggests having antivirus monitoring 24*7, with no possibility of stoppage of such services, and availability of antivirus signed files almost every day.
• Ensure security enablement in the Microsoft Internet Explorer 11 client used on Windows-7 workstations, like script execution, popup restrictions as needed and stoppage of unsigned ActiveX controls.
• Experience in interpreting STIG scans that reflect results on a periodic basis.
• Experience in adding checks and controls in the build management system that automate scans to ensure STIG compliance.
• Good Team Player
• Good Written and verbal communication skills
• Customer facing experience would be added advantage
www.enterprisesolutioninc.com Pradyut Bhattacharya
Enterprise Solution Inc.
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: # 630-214-9485
Source of Changes:
President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Office of Management and Budget Memorandum M-17-25 – next-generation Risk Management Framework (RMF) for systems and organizations
NIST SP 800-53 Revision 5 Coordination