
20 December 2013


Jan Buitron, MSIA, CISSP, Doctoral Candidate

First, the cybersecurity professional must at least understand the technical side of cybersecurity and be armed with a security stream-of-consciousness at all times. Next, these skills must be sharpened on a daily basis. Last but not least, we as security professionals need to educate our colleagues and corporate management, then educate, explain, and educate some more. Once a large breach, like Target's in 2013, has happened, corporate leadership cannot put the incident into a bottle and close it. Our job is to lead management skillfully. Technical tools are a significant portion of information security, but they are not the be-all and end-all. A trained workforce must support the technical portion, and an overarching corporate security policy must back the security program.

And, once in place, the security program must be continually evaluated and reporting must be in place for performance analysis and improvement.


