Category Archives: Risk Management For DoD IT

6 Figure IT Security

6 Figures in IT Security “cybersecurity” (Do you Want this? If so, sign up here)

Course site: https://securitycompliance.thinkific.com

I am thinking of doing a course on how to make 6 figures in IT Security. What do you think? Is this something you would be interested in? This is something I know a lot about.

I would explain:
The landscape of IT Security
Career paths in IT Security
How to choose the right path
How to prepare for that path
What kinds of IT security jobs make 6 figures
What places and companies pay 6 figures
What certifications, degrees and experience you need to start
How to build a bad ass IT security resume
where to post it
how to respond once offers start coming in

IT security position job Q&A (part 1)

Check out my FREE courses at: https://securitycompliance.thinkific.com

In this video we read some of your questions about getting IT Security Jobs.

masaki23joe
“I have a B.A in Telecommunications, would this work for this career field.” see the answer at 00:00:45

shawn 08
“Hey Bruce I got my security + and cap. What do you suggest on how to get into the risk management/ security auditing field when someone doesn’t have any experience? I do have 7 years experience in desktop support and data center monitoring just want to try a different field but not sure how to go about this.”
answer at 00:02:53

David petrell
“What training is need to get into the security field? I have a BS in information security and working a MS in Cybersecurity and working on getting my CEH cert. What are ways that I can get into the security field as I don’t have any security experience and most jobs postings are wanting at least 4 to 5 years of experience”
answer at 00:06:26

diacap tarry town

DIACAP Compliance Engineer and Information Assurance Lead Jobs (risk management framework)

Role: DIACAP Compliance Engineer
Location: Tarrytown, NY
Duration: 6+ months

Enterprise Solution Inc.
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: # 630-214-9485
E-Mail : pradyut@enterprisesolutioninc.com
Gmail : pradyut10.esi@gmail.com

Title: Information Assurance Lead
Location: Aberdeen, MD
Client: Federal
Duration: Full Time

Home


8251 Greensboro Drive, 9th Floor

McLean VA 22102
yogeshk@etalentnetwork.com

Office: (877) 715-3865 Ext.328

I get people contacting me every week about jobs all around the US! Today, I am going to show you a couple that I received recently. I hope that it will give you some idea of what employers and contracts look for in security compliance professionals.

chrome DISA STIG

STIG Update – Google Chrome Browser STIG, V1R7

STIG Update –¬†Google Chrome Browser STIG, V1R7


DISA has updated the Google Chrome Browser STIG Version 1 Release 7. The requirements of the STIG become effective immediately. The STIG is available on IASE at http://iase.disa.mil/stigs/app-security/browser-guidance/Pages/browser-guidance.aspx.

 

Security Roles and Responsibilities

There are hundreds of different roles & responsibilities in the IT Security career field alone. Here are some of the common types that I have seen:

Information System Security Manager – coordinate with the system owner and the information system security officer to ensure security is on the systems.
Information System Security Officer – coordinate with management and system administrators to implement system security controls. Ensures security controls are tracked and documented.
System Administrator – applies technical functionality and security on information systems.
Architect – assists in the design of enterprise information systems.
Security Analyst – review the logs of information systems to determine if there are any malicious activities happening.
Auditors – review the information systems to make sure the security controls are applied, documented and continuously monitored.

IT Security Career Risk Management Framework

So you want to get into Information Technology? Well what do you want to do in IT because there are many different branches of it. I would suggest going into IT security, specifically, Risk Management Framework. It is a very specialized field.

You will need to know the fundamental of IT security. The basics on what goes into securing important data and their hardware. You will also need to have at least a little knowledge of technology and its history. You will need to know a LOT about NIST SP 800-37, “Guide for Applying the Risk Management Framework to Federal Information Systems”. You will need to dive into NIST SP 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations”.

Since not many people want to do this work, or even know about it, there is not much competition. They are always looking for qualified people to do it. What you will need is a 4 year degree (preferably in something technical), an IT certification in security (Security+, ISC2 CAP, CISSP, CASP, CISM,CISA) and a lot of knowledge on NIST 800-37.