I’ve been interviewed for the launch of the ISACA Young Professionals portal that contains a wealth of information for starting and accelerating your career in IT audit and cybersecurity.
I decided to contribute because ISACA played a role in my career development too.
I started attending ISACA London chapter events while I was studying for my Master’s degree in London. Although the university provided a great theoretical foundation on information security, I wanted to know about the real-world challenges that practitioners in the industry were facing.
At the time I had just finished writing my thesis after doing some great research at the university and I wanted to share my findings and the research of my colleagues with the community. The organisers were supportive, so we agreed a day and I delivered a talk on resolving conflicts between security compliance and human behaviour.
It was a rewarding experience as the participants provided some valuable insights and feedback; they helped to bridge the gap between academia and real practical experience. I already had a solid foundation from my postgraduate degree but I was missing was some anecdotes and real life stories about how this could apply in practice. This laid the foundation for my book The Psychology of Information Security.
It worked out for me, but should you get involved in broader activities beyond developing your technical skills? I would say yes.
The value of technical skills and knowledge can’t be overestimated. But there’s another side to this story. Prospective employers are not only looking for technical experts, they want people who are good team players, who can collaborate and communicate effectively with others, who can organise and get things done, who can lead. Getting involved with the community and volunteering gives you the chance to develop and demonstrate these non-technical skills and grow your professional network.
Regardless of where you are on your journey, ISACA provides great opportunities to advance your career through courses, networking and certification programmes, so I highly recommend getting involved!
Read my story on ISACA Blog.
I just passed the Certified Cloud Security Practitioner (CCSP) exam. It wasn’t easy, but nothing you can’t prepare for.
Apart from the official (ISC)2 guides, here are some of the resources I used in my studies:
- Cloud Security Alliance Security Guidance v4.0
- Cloud Security Alliance Enterprise Architecture
- Security Guidance for Critical Areas of Mobile Computing
- CSA Cloud Controls Matrix
- The ‘Treacherous Twelve’ Cloud Computing Top Threats in 2016
- ENISA Cloud Security Publications
- NIST SP 800-146 Cloud Computing Synopsis and Recommendations
- NIST Special Publication 500-299 Cloud Computing Security Reference Architecture (Draft)
- OWASP Top 10
If you would prefer to add video lectures to your study plan, there’s a free course on Cybrary. For a quick summary, check out these study notes and mindmaps. Also, multiple sets of free flashcards are available on Quizlet.
It is a good idea to do some practice questions: there are books and mobile apps out there to help you with this. Practical experience in cloud security is also essential.
The exam tests your knowledge of the following CCSP domains:
- Architectural Concepts and Design Requirements
- Cloud Data Security
- Cloud Platform and Infrastructure Security
- Cloud Application Security
- Legal and Compliance
The structure and format might change as (ISC)2 continuously revise their exams, so please check the official website to make sure you are up-to-date with the latest developments.
On the day, read the questions carefully. It’s not a time pressured exam (I was done in two hours), so it’s worth re-reading the questions and answers again to make sure you are answering exactly what is being asked. Eliminate the wrong options first and then decide on the best out of the remaining ones.
Finally, my suggestion would be to approach the questions from the perspective of a consultant. What would you recommend in each situation? Don’t go too technical – keep the business needs in mind at all times.
Don’t stress too much about the final result. I’m sure you’ll pass, but even if not on your first attempt, you’ll learn either way! Remember, the knowledge you accumulate in the process of preparing for the test itself has the most value, not the credential.
I’ve recently passed my AWS Certified Solutions Architect – Associate exam. In this blog I would like to share some preparation tips that would help you ace it.
Not only practice makes perfect, some hands-on experience is also a prerequisite for the exam. So there is really no way around that! But what if you didn’t have a chance to use your skills on a real-world project yet? No problem! AWS gives you a opportunity to learn how their cloud components work through AWS Free Tier. For one year, you can use Amazon EC2 , Amazon S3, Amazon RDS, AWS IoT and many more free of charge,
You want more guidance? Qwiklabs developed a set of labs that specifically designed to help you prepare for this exam. For a small price, you can complete exercises without even requiring an AWS account or signing up for Free Tier.
I recommend studying AWS Whitepapers to broaden your technical understanding. If you are short on time, focus on these:
- Overview of Amazon Web Services
- Architecting for the Cloud: AWS Best Practices
- How AWS Pricing Works
- Compare AWS Support Plans
AWS developed a freecself-paced Cloud Practitioner Essential course, to help you develop an overall understanding of the AWS Cloud. You will learn basic cloud concepts and AWS services, security, architecture, pricing, and support.
There is also a YouTube channel with free introductory videos and other noteworthy material.
Exam sample questions can help you check your knowledge and highlight areas requiring more study.
Remember, the best preparation for the exam is practical experience: AWS recommend 1+ years of hands-on experience with their technologies.
When you’re ready, go ahead and schedule an exam here.
I’ve been interviewed by Javvad Malik about my career in Information Security. He published the interview on his website
The difference between Leron and anyone else that has ever asked for advice is his willingness to learn and take on board as much knowledge as possible and then apply it. In a few short years, not only was Leron able to complete his MSc, but he landed a job (while turning down other offers), spoke at events, and wrote a book. Achieving more in 3 years than most people do in 10.
So, the roles are now reversed. I needed to catch up with Leron and pick his brains about his journey and see what I could learn from him.
Read the full story
I recently had the pleasure to help organise and host PhD students from Royal Holloway, University of London (RHUL), who spent a day at my company interacting with the team in order to gain industry insights.
This day-long event included presentations by the students, their lecturers, our partners and consultants.
During one of these presentations, I shared some of my own experiences as an information security consultant, in which I talked about my role and area of expertise. I also discussed current security challenges and provided some career advice.
Several round table discussions provided everybody with much needed food for thought. We covered topics like security monitoring, threat intelligence, information protection in digital health and the role of the C-suite.
We received positive responses from the professors – the students enjoyed the presentations and learned a lot from the interactions during the day.
Santander have kindly agreed to host our next workshop event in their London offices on the 14th October. View the event flyer here.
Hear from leaders in Digital Innovation and Information Security on:
– The balance of Security and Innovation: The Cyber Threat and Opportunity
– Phishing and Social Media
– The Importance of Communication in Security
– Edward Metzger, Head of Innovation, Santander
– Matt Bottomley, Senior Manager, Cyber Risk, Lloyds Banking Group
– Christine Maxwell, Head of Digital Security, Governance and Operational Excellence, BP
Networking and Careers Session
– Opportunity to network with junior professionals, students in Information Security and Technology
– Post event drinks and canapés reception
– Information Security careers stands from Santander, EY and KPMG will be at the event
Date: Wednesday 14th October 2015