Building a Life and Career in Security

By Jay Schulman

As I’ve looked at my own path and helped others along their journey, there is a framework for success in information security.

My goal in writing this book is give you the confidence to grow your own career in information security. I’ve analyzed my career and the careers of others to design a plan to build a successful career in information security.

My focus is on how you can use the content you know along with broadening your knowledge to give you an advantage in getting a promotion or moving to a new opportunity.

In the short term, this book can be your mentor to guiding your career. As you will read in the chapters in this book, I encourage you to get your own mentor to help you on a day-to-day basis with the unique problems you may face. (And make sure they've read the book too!)

Structure of the Book
The book is broken up into three main sections. The idea of each section is to build a foundation and grow that foundation throughout the book. Even if you're well into your career, there is a lot to learn from each section. Additionally, it's a great resource if you're a mentor to others.

Day 1
A guide to building your career in information security. This includes learning about security, certifications such as the CISSP and CISA, an overview of regulations and compliance, the basics of security including IP Addressing, ports, the OSI model, and others.

Year 1
A guide from moving to a security analyst or pen tester to a manager or principal. This section includes how to be a great manager, communications, moving away from the technology and into management.

Year 10
A guide to growing into an information security executive. This includes some foundational CISO principles for communicating security issues to non-technology executives.

About The Author
I blog at JaySchulman.com about building your life and career in information security. I also have a podcast on iTunes called Building a Life and Career in Security Podcast. I'm currently a Managing Principal at Cigital, Inc and lead our Midwest Practice. I focus at Cigital on software security and application security initiatives including BSIMM measurements, program strategy and development, mobile application security (including iOS, Android and mobile frameworks such as PhoneGap), web application security, product security, medical device security and penetration testing.

At KPMG LLP, I was a Managing Director and National Leader for Identity Management. I also previously served as Business Information Security Officer at JPMorganChase where I managed security operations, engineering and architecture for a Global Information Security Line of Business.

I help security teams develop their information security programs and capabilities. I help CISOs, CIOs and CFOs understand and react to enterprise security risks and protect against attacks. I want to build information security organizations which enable the business. Information Security shouldn't be about saying "no" but about finding a way to get to "yes." I believe in strong security processes supported by a well lead team and strategic security technologies.

• Language: English
• Publisher: Jay Schulman
• Release date: Feb 17, 2017
• ISBN: 9781370855360

Jay Schulman

Hi, I'm Jay Schulman. I'm an information security consultant living in Chicago. I like to talk. But when no one's listening, I write. Useless Things You Should Know About Me: - I've never lived outside the state of Illinois. - But I've traveled to 48 out of 50 states. (Montana and Hawaii are on the bucket list.) - I fly so much on Southwest Airlines that my wife can fly free with me wherever I go. - Unfortunately I haven't reached the point where my two kids can also fly free. - In 1999, the FBI said they didn't need someone with my skills. - Also in 1999, Playboy said they needed my skills. Security skills, that is. - I turned them down to work for KPMG. - It worked out ok. 10 years employment. They found me my wife. And how to be a great manager. - And great examples of how not to manage people. My Day Job: I help security teams develop their information security programs and capabilities. I help CISOs, CIOs and CFOs understand and react to enterprise security risks and protect against attacks. I want to build information security organizations which enable the business. Information Security shouldn't be about saying "no" but about finding a way to get to "yes." I believe in strong security processes supported by a well lead team and strategic security technologies.

Book preview

Building a Life and Career in Security

A Guide from Day 1 to Building A Life and Career in Information Security

Jay Schulman

Continue to Get Information On Growing Your Information Security Career at:

JaySchulman.com

Copyright © 2015-2017 Jay Schulman

All rights reserved.

Smashwords Edition

Building A Life and Career in Security

Table of Contents

Why I Wrote This Book

How You Should Use This Book

Chapter 1. Day 1

Chapter 2. Security Bootcamp

Chapter 3. Year 1

Chapter 4. Year 10

Chapter 5. Where To Go From Here

About The Author

Other Books By Jay Schulman

One Last Thing...

Why I Wrote This Book

From college to today, my career has taken an atypical road. I did not wake up in High School and say, I want to be in information security. In fact, I thought I should stay away from technology altogether because it was too fun to make into a career.

While I have had great mentors throughout the years, I have agonized over many decisions and, in hindsight, made some goofy choices. Overall, I have been very lucky.

Some of that luck created lessons that are teachable. As I have looked at my own path and helped others along their journey, I believe there is a framework for success in information security.

My goal in writing this book is to give you the confidence to grow your own career in information security. I have analyzed my career and the careers of others to design a plan to build a successful career in information security.

Nothing in this book is going to teach you the content. Instead, my focus is on how you can use the content you know and expand your knowledge base to give you an advantage in getting a promotion or moving to a new opportunity.

In the short term, this book can be your mentor to guiding your career. As you will read in the chapters ahead, I encourage you to get your own mentor to help you on a day-to-day basis with the unique problems you may face. (Make sure they have read the book too!)

Thanks for reading the book and I hope you find it valuable.

How You Should Use This Book

The book is a more in-depth guide to what I write about at JaySchulman.com. I have put together a set of bonuses including videos and supplementary materials for readers of the book. To get the bonuses, go to JaySchulman.com/book-bonus and download them now.

The book itself is split up into three sections, Day 1, Year 1 and Year 10. Before you jump right to where you are in your career, I would encourage you to read the book straight through. I think this is especially true if you are going to mentor someone in security.

Day 1

Day 1 is for people just starting their career in information security. It is great for people thinking about information security as a career or just about to start a job in the field. If you have been in security longer than a year, I encourage you to read this chapter so you can better help others you work with or learn how to mentor to help someone who