Jan 11, 2022

and it doesn’t exist (yet).

Maybe you have a career in cyber security, or maybe you want to pursue one. Maybe you are pursuing higher education, or maybe you are learning in your mother’s basement.

That’s not what this is about.

This is about the person who has neared the pinnacle of their calling, and that calling is senior digital security leadership. By what benchmark do we identify those who are truly worthy?

CISSP? CISM? OSCP? Security+ (please…)

These all serve a purpose (I suppose) but the one which needs to exist, and didn’t exist until I hit the “Publish” button is the ISSS.

I’ve Seen Some Shit: a Certification of Experience

I’ll be focusing on the full career path ISSS (FCP ISSS) for those who have hit Director-level (or equivalent) or higher. You have to have come up through technology and security, not stepped in sideways after managing a project team or other non-technical role. You have to be a purebred.

No security Muggles.

What might questions look like on this test?

Here are some examples, straight from my Notepad.exe which I typed up a few minutes ago. Score a point for each scenario you’ve seen. Score an extra credit point for items in [brackets]:

  1. Have you had to run an incident where sensitive data was at significant risk of being exfiltrated? [Was the root cause something which could easily be identified as a non-security management decision failure?]
  2. Have you had a ransomware incident in an environment you are responsible for? [Were you able to avoid paying ransom?]
  3. Have you ever had to deal with a vendor or partner who was compromised who had significant connectivity into your own environment? [Have you ever been the one to tell them “you’ve been hacked?”]
  4. Have you ever inherited and discovered a heinous breach which preceded your administration? [Did you avoid overreaction and, instead, acknowledge “this has been here for years, what’s another day or two going to hurt” while you figure out the REAL impact?]
  5. Have you ever taken a look at physical security controls like badging systems, cameras, locks and cages? [Did you help the security officer make improvements to his system?]
  6. Have you ever turned down