Saturday, June 21, 2008

I Don't Want to Be an Auditor!

Audits are fun things. I have been sitting in on parts of an audit to meet government requirements for the past two weeks and it has reinforced that I don't really want to go over to that side of the fence.

In some ways, it is funny watching the process, as some auditors find ways to make black and white rules to evaluate somewhat vague requirements. I had thought PCI requirements were vague at one point, but these have even more areas where they could use clarity. At least we have the auditor's notes version with the PCI standard, but these were missing even that.

It does demonstrate that sometimes such audits are needed to get the necessary pressure to do all the right things. Getting strong security in place is a big challenge in many areas. No one wants to be insecure, but people often don't realize it until they have the shortcomings put forth so clearly.

An unfortunate part of this is that the requirements being evaluated are not always clear. While auditors deal with the black and white I mentioned above, the requirements don't always clarify exactly what should be covered by the audit, no matter how much the auditor may want it to be cut and dried.

It is ironic that I plan on achieving my GIAC GSE-Compliance in light of this, but I still plan on pursuing that. Hopefully having some solid audit knowledge will help me be an even stronger information security professional.

Sunday, June 15, 2008

SANS SEC 401 Mentored Class in Dallas!

It is official! I will be mentoring a SANS SEC 401 class this fall in Dallas.

The official information is at

It is a great class to get a solid overview of the basics of security. I highly recommend it!

Ironically, I would prefer the 6-day class since that is a better way to get the massive amounts of information. That said, this format is great for anyone who cannot afford 6 work days (really 5) or who wants to get the information in an even more compact format. You will have to do a lot of studying on your own, but you will get an outstanding mentor (me!) and lots of great material.

Do let me know if you want to sign up. I hope to post a special link for that soon. Mention that I "referred you" if you sign up based on this post or some other contact with me. :)