noshitsecurity

sincera's pandora

What does it really take?


You’re going to find a mixed bag of qualifications that define whether or not a company thinks you’re fit to do the job. Below is a curated list of what we know people want, and what we know works. This is what you need to do the job.



Cybersecurity Qualifications

A holistic understanding and knowledge of the Risk Management Framework (RMF) as defined by NIST SP 800-53, NIST SP 800-53A, NIST SP 800-37, and related NIST publications.

Demonstrated experience in the Information Security (Cybersecurity or Information Assurance) field, preferably in support of U.S. Government information systems.

Experience performing information security risk assessments and communicating results to executives and senior management.

Experience providing information security advisory services to internal departments or external clients.

Experience aggregating metrics demonstrating the effectiveness of the security program.

Proficiency with developing, maintaining, and managing Security Authorization and Assessment packages.

Experience with developing and managing Plans of Action & Milestones (POA&Ms).

Experience conducting research and providing review recommendations on software and technologies to address vulnerabilities.

Knowledge of standard concepts, practices, and procedures within project management and program management.

Experience conducting audit log reviews or other security operations functions.

Strong problem-solving and analysis skills, self-motivated, and able to work and communicate in a team environment.

Experience performing risk assessments of third parties or service providers.

Experience reviewing vulnerability scans and providing mitigation techniques.

Experience writing security-related policies and procedures.

Excellent oral and written communication skills.

Excellent documentation skills.



Education Prerequisites


Bachelor’s degree in Information Security, Information Technology, Computer Science, or similar field.

Information Security or related certification, such as:

CISSP

GIAC (e.g. GCIH, GWAPT, GPEN, GSLC, etc.)

CompTIA Security+

CEH



Cybersecurity Responsibilities


Support corporate information security policy development and maintenance

Conduct project risk assessments and support internal security policy audits

Document security policies, controls, mappings, and exceptions in GRC system

Support information security standards and compliance efforts

Support information security awareness campaigns, trainings, and promotions

Perform supplier and service risk assessments

Conduct audits of information systems and cloud services to policies

Support incident response

Support security operations

Support security engineering and controls implementation

Provide billable project surge support when necessary

Interview for ISSO and other security personnel needs

Support business proposal efforts



See something missing? Email it to support@noshitsecurity.com with subject: Career Qualifications