Seeking a candidate with experience with Security Testing and Evaluation 1-3 yearsIn light of that I have decided to set a few goals for the rest of the year:
Desired experience with performing risk assessment
Understanding of the following tools:
Network mapping tools
Experience with the following frameworks and standards, ISO 27002, NIST SP 800-37, 800-39, 800-53 rev4, and other 800 series standards. An understanding of vulnerability and risk assessment process and procedures. Experience in the generation of management reports and technical remediation plans to address infrastructure concerns.
The Security Assurance team is tasked with enterprise-wide security assessments to baseline organizational assets, critical information systems, emerging technologies and remediation plans. The candidate will analyze assessment efforts to provide management with a complete view of known vulnerabilities and associated risks. Scope of assessment includes but not limited to: a detailed report of all findings or gaps associated with a system(s), the beginning of defining the POA&M and Security Assessment Report SAR deliverables
1. Complete my CCNA Routing and Switching - target 1 July 2016
2. Complete CASP - target 2 Sep 2016
3. Complete CCNA Security - target 30 Dec 2016
and for the beginning of next year
4. CISSP - target 31 Mar 2017
I know everyone will be on pins and needles tracking my progress but if I don't do it this way I won't work on this stuff at all.