Looking at my own path and helping others along their journey, I have found that there is a framework for success in information security.
My goal in writing this book is to give you the confidence to grow your own career in information security. I’ve analyzed my career and the careers of others to design a plan to build a successful career in information security.
My focus is on how you can use the content you know along with broadening your knowledge to give you an advantage in getting a promotion or moving to a new opportunity.
In the short term, this book can be your mentor in guiding your career. As you will read in the chapters in this book, I encourage you to get your own mentor to help you on a day-to-day basis with the unique problems you may face. (And make sure they've read the book too!)
Structure of the Book
The book is broken up into three main sections. The idea of each section is to build a foundation and grow that foundation throughout the book. Even if you're well into your career, there is a lot to learn from each section. Additionally, it's a great resource if you're a mentor to others.
Day 1
A guide to building your career in information security. This includes learning about security, certifications such as the CISSP and CISA, an overview of regulations and compliance, the basics of security including IP Addressing, ports, the OSI model, and others.
Year 1
A guide to moving from security analyst or pen tester to manager or principal. This section includes how to be a great manager, communications, and moving away from the technology and into management.
Year 10
A guide to growing into an information security executive. This includes some foundational CISO principles for communicating security issues to non-technology executives.
About The Author
I blog at JaySchulman.com about building your life and career in information security. I also have a podcast on iTunes called Building a Life and Career in Security Podcast. I'm currently a Managing Principal at Cigital, Inc and lead our Midwest Practice. I focus at Cigital on software security and application security initiatives including BSIMM measurements, program strategy and development, mobile application security (including iOS, Android and mobile frameworks such as PhoneGap), web application security, product security, medical device security and penetration testing.
At KPMG LLP, I was a Managing Director and National Leader for Identity Management. I also previously served as Business Information Security Officer at JPMorganChase where I managed security operations, engineering and architecture for a Global Information Security Line of Business.
I help security teams develop their information security programs and capabilities. I help CISOs, CIOs and CFOs understand and react to enterprise security risks and protect against attacks. I want to build information security organizations which enable the business. Information Security shouldn't be about saying "no" but about finding a way to get to "yes." I believe in strong security processes supported by a well-led team and strategic security technologies.