[...]... the Lead Technical Security Specialist at a municipal four-service utility In addition to his current position at Security Horizon, Brian serves as an instructor for the National Security Agency (NSA) INFOSEC Assessment (IAM) and INFOSEC Evaluation (IEM) Methodologies and team member of NSA IA-CMM Appraisals Brian’s publication history includes being a frequent contributor to The Security Journal, being... Does it hold on-site fitness classes? If the company does not offer an on-site gym, does it offer discounts at local gyms in your area? Does it reimburse you up to a certain amount (typically, 50 percent of the monthly fees)? ❑ ❑ For families with kids, does the company offer company-sponsored (off-site is good; on-site is better) child care? Does it have a cafeteria that serves hot food? Is it edible?... Principal Security Consultant for Security Horizon, Inc He has more than 28 years of experience in operations, communications, computer information systems, and security He is the primary lead for INFOSEC Assessments and Training for Security Horizon Ed has served as team lead for INFOSEC assessments for more than nine years He has served other companies as an INFOSEC Training Manager and Senior Security. .. implicit deny/explicit permit, and defense in depth These core concepts are not included in a traditional CS or Engineering curriculum Therefore, the erudite professional will assimilate these core values on the job and in training Pursuing a Degree If you are just getting started on your undergraduate or graduate degree and you know that IT Security is the field for you, then one of the National Security. .. on-site incentives to their employees out of generosity, in reality, an employee who is offered on-site conveniences not only is a happy employee but also one with a diminished need to leave the office to take care of personal responsibilities Make sure that you determine which on-site benefits are truly important to your work environment and which ones are “cool” but trivial benefits whose merits... and supporting the worldwide security program for the Defense Information Systems Agency (DISA), directly supporting Field Security Operations (FSO) He was a participant in the development of the Systems Security Engineering Capability Maturity Model (SSE-CMM) and has been a key individual in the development and maintenance of the Information Assurance Capability Maturity Model (IA-CMM) Ed also serves... jobs Hence, it is imperative that you not burn any bridges on your way out the door Make it a point to keep in touch with all your former co-workers The IT community and specifically the IT Security community can be rather small If you have burned a bridge once or twice on the way out the door, you may want to think about a career change We heard in a movie once that truck driving can be quite lucrative... IAM/IEM) is the Chief Technology Officer and Principal Security Consultant for Security Horizon, Inc Brian has more than 15 years of experience as an IT professional Before joining Security Horizon, he served in a wide range of information technology positions in both domestic and international environments He was a network administrator for a major university, eventually migrating to system administrator... Wireless Security Wired Equivalent Privacy (WEP) WiFi Protected Access (WPA) Rogue Wireless Devices What Is a Rogue Access Point? What Is a Rogue Client? How Do You Detect a Rogue Wireless Device? How Can You Become a Rogue Access Point? Summary Interview Q&A Recommended Reading Chapter 9: Finding Your Posture History of Information Security Modern Information Security Security Objectives Determining the Security. .. individual needs to know in order to get a job in the information security field We cover topics that we believe are most important for security professionals in 2007 Done! However, I invite you to read further because important information follows Over view of the Book This book is a hitchhiker’s guide to the information security field It is short and sweet and gets right to the point regarding what . ii IT Security Interviews Exposed 79872ffirs.qxd:WroxPro 6/12/07 3:54 PM Page i 79872ffirs.qxd:WroxPro 6/12/07 3:54 PM Page ii IT Security Interviews Exposed Secrets. Information Security 167 Modern Information Security 168 Security Objectives 170 Determining the Security Posture 172 Risk Assessments 172 Vulnerability Assessments