Blog 10

Something very important in my career was getting a certification in Information Security.  I chose the Certified Information Systems Security Professional (CISSP), granted by the International Information System Security Certification Consortium, also known as (ISC)².

I chose this certification, as it was and is considered the most complete one in the industry.  It is a credential that demonstrated that you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program. With a CISSP, you validate your expertise in the industry, as a certain number of years of work experience is required. When I interview candidates for different Information Security positions, I look for this certification, as it gives me a certain level of certainty that this candidate at least understands the different Information Security domains.

Another benefit of having this certification is that it requires you to continue learning and keeping up-to-date with the industry. They require a certain number of hours spent in training or other activities that contributes to the profession. 

A few years ago, I returned to Carnegie Mellon University to get a CISO Executive Training, which helped me comply with this requirement.  Besides the obvious benefit of being back in that amazing place, and the people I got to meet and work with, this training helped me mainly in two ways:

1. I updated my knowledge about Information Security topics with new ways to solve certain issues and new tools.
2. It confirmed that the approaches that I had implemented and was implementing were aligned to the industry’s best practice.

This year, this requirement brought me to writing these blogs! =)