check out: http://convocourses.com
0:00 ISSO Therapy Session
14:38 Things to read for Risk Management Framework
23:37 How to Get a Security Clearance?
33:01 Do I Need a Prestigious University for Cybersecurity?
43:24 Why I don’t take calls as a mentor?
44:57 Advice for a new SCA (Security Control Assessor)
49:31 Cybersecurity Resume Tips for Security jobs
Separation of duties (SoD) is an important security best practice in which an organization assigns very important tasks to different roles. For example, a system administrator should not also have the role of an auditor. The roles are separated because of a conflict of interest: a system administrator auditing their own system cannot be completely objective when performing an assessment.
As an ISSO you are not Atlas holding up the security of the entire organization. Instead, you are part of a larger process. The organization as a whole abides by the risk management process, so the risk is managed by all. It is very stressful to try to take on all the responsibility and risk of the entire organization. It is also impossible for one person to absorb all that risk and run a successful organization with a great degree of confidence. The ISSO must be a part of the team and support the team.
Today’s podcast talks about the RMF ISSO Security Controls Documentation course, which is going to be updated soon: https://securitycompliance.thinkific.com/courses/rmf-isso-security-controls-documentation (configuration management security controls are being added).
The price will increase soon so the time to buy is NOW (11/16/2020)!
We go into what IT certification you need for Information System Security Work (#ISSO). We show him a breakdown of DoD 8140, which covers cyber workforce requirements.
We talk about getting Splunk and other internal training at jobs.
Someone asked, “What is the future of cybersecurity?” and what certifications I think will be needed in the future.
Cloud technology. Cloud tech will be as important as knowing basic networking.
We talk about FedRAMP and give an overview of what it is about.
We answer the question “what is the career path to cybersecurity analyst?”
We also talk about the importance of protecting your privacy. Search yourself on http://spokeo.com
We also discuss being in the IT office and avoiding politics and other sensitive topics.
The ISSO’s primary function is working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.
Performance shall include:
Review, prepare, and update AIS authorization packages
Notify customer when changes occur that might affect AIS authorization
Perform AIS self-inspections, provide security coordination and review of all system test plans
Identify AIS vulnerabilities and implement countermeasures
Represent the customer on various technical review and inspection teams
Conduct security surveys at subordinate facilities and gather pertinent security documentation for inclusion into system authorization packages
Coordinate, prepare, and track AIS inspections, reports, and responses
Maintain AIS security records and prepare Co-Utilization Agreements for network nodes operating in government facilities
Prepare reports on the status of security safeguards applied to computer systems
Ensure AIS and network nodes are operated, maintained, and disposed of in accordance with security policies and practices
Perform ISSO duties in support of in-house and external customers
Assist Department of Defense, National Agency and Contractor organizations with the development of assessment and authorization (A&A) efforts
Review, track, and conduct AIS training
4 years related experience
Bachelor’s degree or equivalent experience (4 years)
Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level 2 within 6 months of the date of hire
Current Top Secret Clearance with SCI Eligibility
Eligibility for access to Special Access Program Information
Willingness to submit to a Counterintelligence polygraph
Must be familiar with current security policy/manuals
Must have the ability to work in a dynamic environment and effectively interact with numerous DOD, military/civilian personnel and industry partners
Working knowledge of Microsoft Office (Word, PowerPoint, and Excel)
Possess a high degree of originality, creativity, initiative requiring minimal supervision
Willingness to travel within the organizational geographic Area of Responsibility (AOR) (note – could be extensive, and will include both air and ground transportation)
PL Consulting, Inc. Dedicated to Cyber Security
A Service Disabled Veteran Owned Small Business
C: 443.880.7716 O: 571.525.2477