Name: Arlie Hartman
Title: National Security Operations Manager - Cloud
Location: Indianapolis, Indiana, U.S.A.
Degree: Bachelor’s degree in Business, IT Management at WGU (in progress)
Years in IT: 16
Years in cybersecurity: 11
Cybersecurity certifications: CCSP, CISSP, HCISPP, GSEC, PCIP
How did you decide upon a career in cybersecurity?
I was working as a quality analyst doing root cause analysis for unsatisfactory IT incident resolutions – I was, essentially, a complaints department. I saw a position available as a technical analyst for our regional security officer and I applied and got it. I started out supporting the RSA Ace server for remote access second factor and the PGP key server for PKE and our interface engine. As I built more trust with my boss, I started attending meetings he was too busy to go to. I built relationships across the organization and started learning a tremendous amount about healthcare, information security and enterprise IT. I really enjoyed the blend of people and technology.
Why did you get your CCSP®?
While I was working as a qualified security assessor (QSA), I often had to assess public and private cloud infrastructures to the PCI-DSS. I would lean heavily on our younger analysts who were more experienced in AWS and Azure. When I went back to healthcare, my employer was evaluating a migration to Office365 so I thought it would be a great opportunity to put into practice all the research I had been doing on cloud computing.
What is a typical day like for you?
The greatest thing about being an information security professional is that you never have a “typical day.” If you like doing the same thing every day and never being challenged, do not get into information security. Generally, I start by catching up on urgent emails, read through the analyst reports, threat feeds, security tweets and cybersecurity news. After that, I work through my ever-changing list of daily, weekly and long-term deliverables. I try to check in and make sure my team has what they need, and let my director know if there is anything we need help with. We are a small team that often helps evaluate technology or process changes and assists with acquisitions. I am busy, but productive.
Can you tell us about a personal career highlight?
I really enjoy talking with other information security professionals. I attend local and regional security conferences, from (ISC)² events to DerbyCon. I have been fortunate enough to speak at GrrCon and at my local Circle City Con. I was recently asked to join the board of my local Central Indiana ISSA chapter which has been growing beyond expectations. I enjoy getting the opportunity to listen, learn and share in such a great community of professionals.
How has the CCSP certification helped you in your career?
It has been a natural progression from my CISSP to earn my CCSP. The certification demonstrates to my peers that I am staying current with technologies as they evolve. Attaining the CCSP has shown to my leadership that I am seriously committed to our evolving technology strategy and that I have the competency to contribute.
What is the most useful advice you have for other cloud security professionals?
What you do as a cloud security professional is important. This specialty is a vertex of compliance, risk management, APIs and virtual infrastructure. I am seeing my generation of information security professionals, who came from infrastructure and traditional networking, start to work with a new generation of professionals who natively understand software-defined infrastructure. Getting the organization and IT group into the cloud, safely, is one of the great infosec responsibilities of our time.
Read the Rise of the Cloud Security Professional whitepaper for more information on the CCSP.