Peter H. Gregory - CISSP For Dummies

Unless you work for a large organization, there probably aren’t many other information security (infosec) professionals in your organization. You may be the only one! Yes, it can feel lonely at times, so we suggest that you find ways to make connections with infosec professionals in your area and beyond. Many of the activities described in this chapter provide networking opportunities. If you haven’t been much of a social butterfly before, and your professional network is somewhat limited, get ready to take your career to a whole new level as you meet like-minded security professionals and potentially build lifelong friendships.

We promise that we have no affiliations with LinkedIn when we say it, but hear this: LinkedIn is one of the best business networking tools to come along since the telephone and the business card. LinkedIn can help you expand your networking horizons and help you make contacts with other business professionals in your company, your profession, your region, and far beyond.

Chances are that you aren’t new to LinkedIn, so we’ll skip the basics here. People in the infosec business are a bit particular, however, and that’s what we want to discuss. Infosec professionals tend to be skeptical. After all, we’re paid to be paranoid, as we sometimes say, because the bad guys (and gals) are out to get us. This skepticism relates to LinkedIn in this way: Most of us are wary of making connections with people we don’t know. So as you begin to network with other infosec professionals on LinkedIn, tread lightly, and proceed slowly. It’s best to start making connections with people you actually know and people you’ve actually met. If you make connection requests with infosec people you haven’t met, there’s a pretty good chance that they’ll ignore you or decline the request. They’re not being rude; they’re just aware of the fact that many scammers out there will build fake connections in the hope of earning your trust and pulling some kind of ruse later.

Similarly, if you’ve been one of those open networkers in the past, don’t be surprised if others are a bit reluctant to connect with you, even those you’ve met. As you transition into an infosec career, you’ll find that the rules are a bit different.

Bottom line: LinkedIn can be fantastic for networking and learning, but do know that infosec professionals march to the beat of a different drummer.

It’s not what you know, but who you know. (Well, what you know matters too!)

If you’re just getting started in your infosec career (regardless of your age or other career experience), you’ll likely meet other infosec professionals that have at some point in their careers been in your shoes, who will be happy to help you find answers and solutions to some of those elusive questions and challenges that may be perplexing you. You may find that you’re initially doing more taking than giving, but make sure that you’re at least showing your appreciation and gratitude for their help — and remember to give back later in your career when someone new to infosec asks to pick your brain for some helpful insight.

As you venture out in search of other infosec professionals, put your smile on, and bring plenty of business cards. (Print your own if your employer doesn’t provide any.) You’re sure to make new friends and experience growth in the security business that may delight you.

Being an active (ISC) 2member is easy! Besides volunteering (see the following section), you can participate in several other activities, including the following:

Attend the (ISC)2 Congress. For years, (ISC)2 rode the coattails of ASIS (formerly the American Society for Industrial Security; we blame Kentucky Fried Chicken for becoming KFC and starting the trend of businesses and organizations dropping the original meaning behind their acronyms!) and occupied a corner of the ASIS annual conference. But in 2016, (ISC)2 decided that it was time to strike out on its own and run its own conference. In 2017, one of your authors (first name starts with P ) attended and spoke at the very first stand-alone (ISC)2 Congress and found it to be a first-class affair every bit as good as those other great national and global conferences. Find out about the next (ISC)2 Congress at https://congress.isc2.org .

Vote in (ISC)2 elections. Every year, one-third of the (ISC)2 board of directors is elected to serve three-year terms. As a CISSP in good standing, you’ve earned the right to vote in the (ISC)2 elections. Exercise that right! The best part is becoming familiar with other CISSPs who run for board positions so you can select those who will best advance the (ISC)2 mission. You can read the candidates’ biographies and understand the agendas they’ll pursue if elected. With your vote, you’re doing your part to ensure that the future of (ISC)2 rests in good hands with directors who can provide capable leadership and vision.

Attend (ISC)2 events. (ISC)2 conducts several in-person and virtual events each year, from networking receptions to conferences and educational events. (ISC)2 often holds gatherings at larger industry conferences such as RSA and BlackHat. Check the (ISC)2 website regularly to find out more about virtual events and live events in your area.

Join an (ISC)2 chapter. (ISC)2 has more than 150 chapters in more than 50 countries. You can find out more at www.isc2.org/chapters . You have many great opportunities to get involved in local chapters, including chapter leadership, chapter activities, and community outreach projects. Chapter events are also great opportunities to meet other infosec professionals.

Partake in free training. (ISC)2 offers lab-style courses, immersive courses, and express training at the Professional Development Institute that can help expand your horizons. Find out more at www.isc2.org/Development .

Enjoy exclusive resources and discounts. (ISC)2 membership has many perks in the form of discounts and access to exclusive content and services. Find out more at www.isc2.org/Member-Resources/Exclusive-Benefits .

Wear your digital badge proudly. You can set up your digital badges and use them on LinkedIn, business cards, blogs, and elsewhere. Best of all – they’re free. Learn more at https://credly.com .

It’s important for (ISC) 2to have your correct contact information. As soon as you become a CISSP (or even before), make sure that your profile is accurate and complete so that you’ll receive announcements about activities.

(ISC) 2is much more than a certifying organization: It’s also a cause, and you might even say it’s a movement. It’s security professionals’ raison d’être, the reason we exist — professionally, anyway. As one of us, consider throwing your weight into the cause.

Volunteers have made (ISC) 2what it is today, and they make valuable contributions toward your certification. You can’t stand on the sidelines and watch others do the work. Use your talents to help those who’ll come after you. You can help in many ways. For information about volunteering, see the (ISC) 2Volunteering website ( www.isc2.org/Membership/Volunteer-Grow ).