(ISC)2 Launches New Software Security Certification – CSSLP

(ISC)2 brand new certification to address security holes in software development – arriving on scene is the CSSLP – Certified Secure Software Lifecycle Professional.

OWASP AppSec India – Keynote and Training

OWASP AppSec India Keynote on Application Security Trends and Challenges
OWASP Training on Advanced Threat Modeling

(ISC)2 Official CISSP Practice Exams and (ISC)2 Official SSCP Practice Exams

(ISC)² is dedicated to creating new value-added services for its prospective and more than 50,000 current members worldwide. One of the most exciting of these is studISCope, our online self-assessment tool that helps candidates assess their knowledge of the CISSP or SSCP CBK^®. Together with our partner, Express Certifications – a company renowned for developing innovative testing and training techniques – (ISC)² can now maximize your learning experience and focus your study efforts more precisely along whichever information security career path you choose.

Read More

Top 3 Questions in the Board Room …

Are there other questions (than the ones listed below) that take more precedence that an Information Security Professional/Leader/Executive needs to be able to answer in the board room? If so, please respond …

1. What is the Revenue to the company?
2. What is the Cost to the company?
3. What are the Risks to the company?

Additionally thoughts on how these questions can be answered from an information security perspective is welcome.

2007 – The Year of …

1982 Machine of the Year was the Computer and the 2006 year end issue of Time magazine has ”You” - the IT Professional as the Person of the Year.

With the continued focus and increased attention on information security, many information security professionals find themselves to be in constant demand. What makes these InfoSec Professionals to be sought after? (See DNA of an effective InfoSec Professional) and the real question would be will 2007 be not just the Year of “You-the IT Professional” but also the Year of the “InfoSec” Professional?

DNA of an effective InfoSec Professional?

Just wondering, in today’s day and age, what constitutes the DNA of an effective InfoSec Professional -
Is it one who is versatile with a breadth of experience across various technology or is it someone who is super specializes in one area of security? Is it one with an entreprenuerial spirit, a visionary, …

I would like to compile various opinions as to what one thought was the DNA of an effective InfoSec Professional

Merriam-Webster defines effective as “producing a decided, decisive, or desired effect”