I got up nice and early and managed to drag myself over to the convention, to be sure I wouldn't miss Craig Mundie's keynote where he announced the new End-to-End Trust vision we've been hearing about internally for a few weeks. Craig delivered the keynote in a "fireside chat" format with Chris Leach, who is the CISO at Affiliated Computer Services (ACS). For those of you who may not know Mr. Leach, Chris is well known in the security community and earned tremendous respect during his tenure as the CSO at BankOne during the 9/11 attacks and recovery thereafter. The discussion was really around the concept of this concept we refer to "I + 4A" which stands for "Identity + Access, Authentication, Authorization, Access Control and Audit" which are the 5 major security elements that help establish trust. The whitepaper is designed to get people to engage us on opening up a dialog to discuss the concepts further. You're not going to get any "Microsoft marketing" in this whitepaper. It really is platform and vendor agnostic. We are looking for comments and we have opened up a public forum for your feedback. Please take a moment, read through this and let us know...is this on the right track or where does this concept need to be revised? I'll be covering this topic at several customer focused events in the next few months, so when you see me.....let me know what you think!
"Is that who I think it is...."
So I'm diligently manning the Microsoft info booth today when I see someone we think was Omarosa from "The Celebrity Apprentice" walk by. We argued whether it was or was not her, so I hopped out of my seat and went to find out. Sure enough, one of the booths had hired her to do some press. I managed to get over to the booth and since no one else was around, got practically dragged over by the vendors to get a picture taken with her. I found out later she even stopped by the Microsoft booth to discuss a technical issue she's having with her computer. I happened to be "off the clock" for a few hours, so I didn't get looped in, but I'm sure we'll get it fixed for her.
The only session I managed to get to today (I have a job too!) was the one entitled "PROF-107: Managing Your Own Security Career".
The session abstract: "Careers in information security are often difficult to navigate with the industry changing more and more radically every year. This session will address important skills, traits and knowledge that a security professional needs – not just the usual stuff (like “get certified”) - but the real-world knowledge that teaches you how to have the job that keeps you challenged, growing and well compensated."
Lee Kushner and Mike Murray both did a great job of explaining the unique role that security careers cover. They discussed how we are in one of the most competitive roles in the entire world, and one that demands a great deal of focus and staying current. I especially liked the piece they did on Recession Proofing Your Career and how we think that in the security business we can't be put out on the street, because we're so valuable. Newsflash! Security isn't that special anymore, and it's too often getting rolled into other orgs. We're no longer bulletproof. They spent a good deal of time talking about Taking Ownership of your career, because no one is going to do it for you. Don't expect your boss to do it for you, they said...he's too busy managing his own career. Finally they talked about Personal Branding and How to Market Yourself. They even answered the age-old question "What certification should I get?" The answer: Whichever certification you feel will allow you to connect with the people that you want to know, and establish the brand that you hope to establish. It's not about certs, titles, or degrees. It's about getting into a position that you feel is a good fit. As Lee Kushner stated, "There are ton of security jobs. Most of them are bad jobs no one wants. The trick is finding the good ones."
Tomorrow I have to spend a few hour sin the Info Booth, but will hit a bunch of session in the morning! Stay tuned!