I just received my books for a refresher course in the Systems and Network Auditor training from the SANS organization. It’s an organizational non-event, but the fact that regular security training is now common in the organization is worth reflecting on.
Since we started investing in and training personnel nine years ago, Ipswitch File Transfer now has people on staff with the following security certifications, as well as the attendant experience that goes along with designing, developing and supporting solutions that securely manage interactions.
- CISSP – Certified Information Systems Security Professional by (ISC)2 – An ANSI ISO/IEC Standard 17024:2003 accredited certification approved by the U.S. Department of Defense in both their Managerial (IAM) and Information Assurance Technical (IAT) categories. The U.S. National Security Agency has also adopted this certification as the baseline for its Information Systems Security Engineering Professional (ISSEP) program.
- GSNA – GIAC Systems and Network Auditor by SANS – A certification that identifies an expert in laying out and completing network and security audits using the language of risk and control. (GIAC stands for “Global Information Assurance Certification”.)
- GCIA – GIAC Certified Intrusion Analyst by SANS – A certification that identifies an expert in detecting attacks and probes.
- GCWN – GIAC Certified Windows Security Administrator by SANS – A certification that identifies a Microsoft Windows security expert.
- GCIH – GIAC Certified Incident Handler – A certification that identifies an expert in preparing for and handling a security breach.
- GSEC – GIAC Security Essentials Certification – A certification that identifies an individual who has received general computer security training appropriate for a typical system administrator.
…and the list will continue to grow as companies of all sizes continue to depend on us to take the same or greater care of their data as they would themselves.
So, it’s back to the books for me, but I don’t mind it one bit. Regular refreshment of my auditor credentials helps me to understand the needs of the security and risk management teams and to develop product solutions (both software and services) that meet emerging corporate policies and industry regulations.