Being a good InfoSec Manager is hard and very few people start the job fully prepared for and skilled in everything that the job demands to be truly great at it. Yet little else can have as large of an impact to an organization’s overall security as how good or bad of a job the person in this role does. So it isn’t good enough to be a great security engineer now managing the security team, you have to be a great manager. Finally, there are some common pitfalls many skilled security engineers fall into while making the transition to a manager which are job ending and can deprive the community of a promising new leader. In this talk I will be leveraging my own experiences building an InfoSec security team to review where to start, common pitfalls which can be job ending and how to avoid them, and how to use the role to take security to the next level in your organization. The target audience is InfoSec Managers and people who want to make the transition to one. I will encourage participation from the audience and hope to make this an open discussion.
 

John Woods

John Woods is a Security Engineer at Novacoast specializing in penetration testing, security architecture and organization reviews, and security training for clients. John is an IT and security veteran with over 17 years of IT experience and over a decade primarily focused on Information Security. As a consultant John has seen numerous Information Security organizations of all types and became passionate about IT leadership in the Information Security area. Armed with this knowledge and passion John decided to leave consulting and try his hand at leading an Information Security team which he did successfully for 5 years. Now able to look back detached from the role and with the value of hindsight John is excited to share what he learned to further help leaders in Information Security and help the community as a whole.
 

Back to Derbycon 2012 video list