Author: sserillon

  • So I achieved CCISO and why it is kind of a big deal?

    I am pretty excited to share here this significant milestone in my career: I achieved the Certified Chief Information Security Officer (CCISO) certification from EC-Council! 🎓 Why significant? Because it reflects the end of a cycle I initiated back in 2010. Back then I was a student in one of the top French IT-specialized engineering schools, exploring tons of…

  • Advice to facilitate budget/financial buy-ins

    To get back to financial/budget buy-ins, I would like to make two very distinct but complementary points. The first is that LOTS (and I mean it, in capital letters) of infosec work is either not technology-bound or can most likely be implemented, or at least started, with the tools currently at your disposal…

  • Let’s talk about vulns (1/X)

    Vulnerability Management (VM) can be a nightmare should you let it become one. Considering most of us would like to continue to sleep at night (even though a CISO’s typical night relates more to the famous Game of Thrones quote “dark and full of terrors”), let’s explore together ways to handle VM in a way that will make…

  • So you landed a CISO job, what comes first?

    In infosec, as in any job, it is always a good idea to ask your direct manager or HR what their expectations of you are. If you have done your hiring due diligence correctly you probably have a proper understanding already, but getting it up to date is crucial to your success. To avoid looking “amateurish”[1] (or worse…

  • Infosec comes before compliance, right? 🐥🥚

    Let’s address the elephant in the room: when it comes to compliance there are about 50 shades of compliance: regulatory, laws, contractual (clients, business partners), frameworks… Let’s illustrate with three examples: laws for financial institutions (banks, insurers and associated entities), cyber insurance contract requirements, and PCI DSS regulated entities. While we will explore these 3 aforementioned examples…

  • Are all infosec grumpy / addicts? Alternatives to cope with stress!

    This post has three totally distinct inspirations: 1. This extract from a satirical French movie [1]. 2. Jeff Hall, one of the most proficient PCI DSS people, who assisted me A LOT (remotely, through his excellent blog [2] and his participation in the PCI Dream Team podcast series) in getting an understanding of payment card industry infosec…

  • Tell me what IP means to you and I’ll tell you what kind of infosec pro you are

    In the world of infosec, as holds true in many professional fields ranging from IT to healthcare, acronyms are EVERYWHERE. And I mean it. Every single infosec professional should invest in a mechanical handheld tally counter (trust me, it will not bankrupt you; you can easily get one from Amazon for less than a…

  • Humble career advice for future infosec professionals

    As mentioned in my bio, I have been working in the infosec field for more than a dozen years now. Throughout those years I went from student, to trainee, junior, trainee supervisor, junior supervisor, senior, solo leader, apprentice supervisor (am I the only one getting a Star Wars-y vibe here?), hiring manager, and currently manager…

  • What if infosec was an animal?

    Similarly to the last post, we will explore an infosec analogy. This time we will try to find an animal to represent infosec. I will stick to water #ConsistencyIsKey (cf. What if infosec was a sport: https://theinfosecotter.com/?p=25). 🐙 For its capacity to solve complex problems (and even foresee events #PaulLePoulpe)? 🐬 For its capacity to put…

  • What if infosec was… a sport?

    So you might be considering infosec as a career prospect? Great! However, you have lots of questions? Great as well, since this shows you have, in my opinion, the three qualities most necessary to conduct infosec activities: curiosity, doubt and humility. Infosec being a relatively recent interest for organizations (as opposed to accounting, for instance)…