How To Become an Effective Security Liaison: Security For the Part-Time Practitioner

Continuing contraction of both corporate and government resources has forced more and more systems professionals and departmental function specialists to add information systems security to their roster of "other duties as assigned." If you are currently operating in this mode or see yourself there in the future, this two-day seminar is for your organization.

We will take a look at these questions and more: How can you be effective as a part-time security practitioner? How can you balance the requirements of your usual work function with the demands of the security job? What do you have to know? What can be set aside, and for how long? What's going to bite you if it doesn't get proper attention?

We'll survey how security works in some of the more popular platforms and identify sources where you can expand your detailed knowledge of the particular security controls available for your own environment. After this course, students will be more able to balance the competing demands of all their sub-jobs and do the security one especially well.

Challenges of part-time— We'll discuss the unique challenges involved in doing any function part-time vs. full-time. We'll look at the difficulties of shifting your mindset to an interrupting task and back again, and give suggestions for minimizing the effects of disruption.

Security role vs. "other"— We will examine the security function as a whole, to give you a broader view of your role and help you see where those potentially devastating errors lurk, waiting to be committed either by act or omission. Learn how others react to you when you are in your "security mode", and how to help avoid misunderstandings that can result when others' views of your role differ from your own.

Information security principles and practices— We'll give you a solid grounding in the philosophies and jargon of information systems security with an eye to tying security principles and practices to even the seemingly unrelated components of your variety of jobs. Discussions will cover not only the "how" but the "why" of security measures (anticipating your need to address that inevitable question by co-workers). You'll learn information security basics: administration, product evaluation, risk analysis, DRP, incident response, awareness, vulnerabilities and countermeasures.

Challenges of being "multi-hatted" — We'll discuss setting priorities and personal goals, relating to co-workers differently in your various roles, gaining the support of others to assist you in your efforts, recognizing situations wherein you must stop and switch functions, leveraging information and techniques from one job function to the other and not losing sight of your primary job. We'll discuss the advantages as well as the downsides of being a part-time security person, especially in regards to how your co-workers react and interrelate with you as you act first in one capacity and then another.

Participative exercises — Throughout the course, you'll engage in exercises designed to confront you with the type of scenarios that you will see as a part-time security practitioner, taking into account corporate politics, group expectations and your need to enlist cooperation now and in the future.

• From team member to "cop": Ways to maintain the relationships and credibility necessary for effectiveness in all components of your job
• Information security basics: administration, product evaluation, risk analysis, DRP, incident response, awareness, vulnerabilities and countermeasures
• How performing security-related tasks well can often concurrently improve other things
• The urgency of troubleshooting vs. the importance of implementing long-term solutions
• Ways to maximize your effectiveness by identifying points of overlap between jobs
• How to avoid losing sight of your primary job

• Completed exercises wherein you explain how you would handle a reality-based pressure scenario