As the name of my blog suggest I am an information security (InfoSec) person. This blog will be my humble attempt at assisting people wondering whether InfoSec is something to consider for their career.
During the last 12 years or so I had the chance to assume lots of different positions (example provided below) within lots of different organizations (not just companies) practicing in lots of different business verticals. This might provide me with sufficient insights to share them. None of what is writing here should be consider hard truth / solutions that will fit every situations: All organizations are different, all situations are different. It is my sincere believe that the closest things to having experience struggle first hand is knowing someone who had to steer through it. And the second best thing to knowing someone in real life is read them. Now let’s buckle up (safety first, always) and discuss infosec, shall we?
- Internal controller (hello~ SOX/BASEL II)
- External auditor
- Outsourced internal auditors (totally different animal from a proper external auditor, this might be the topic of a post in itself)
- Information security consultant
- Information security pre-sales
- Regional awareness leader
- BCP manager assistant (but but but… this is resiliency and not pure information security? Do not worry, we will discuss this as well in the near future)
- Regional (information security) compliance leader
- Trainer
- Acting-as QSA
- Information security homologator
- CISO coach
- CISO