Dark Reading is part of the Informa Tech Division of Informa PLC


Security Pro File: IT Risk Manager Julie Fetcho
User Rank: Apprentice
5/6/2014 | 12:15:59 PM
Re: Great profile, raises interesting questions
I think the higher bar is more relative to the capability, and willingness, of people to do the work necessary to implement and manage an InfoSec program of any kind.

Most of the systems technicians I meet are NOT interested in doing the documentation "slog" that is SOP for any InfoSec pro.  They like the technical work, but not the writing work.

Also, most people from the technical side of the InfoSec equation prefer to NOT engage in learning the "soft skills" or people skills necessary to help get things done.  Some of them may not even be capable of interacting with people outside of the technical facilities.

Often I have to poke SAs AND business owners for the most basic documentation (or even decisions) regarding systems and processes.  From my 10 years of IA experience (outside of the DoD) the people who do get into InfoSec career fields (and do well at it) have a willingness and knack for the documentation efforts involved AND the people skills necessary to help make things happen.

Hrmm...  sounds like a similar problem that organizations have finding good managers.

Again, this is my assessment based on my experiences.  Others may have a different viewpoint.
Marilyn Cohodas,
User Rank: Strategist
5/6/2014 | 11:37:27 AM
Re: Great profile, raises interesting questions
Thanks, @AlSitte. It doesn't surprise me that many InfoSec professionals, like yourself, grew into the job from a more general IT background. What surprises me is that there seems to be a higher bar for entering the InfoSec profession today. (See Flash Poll: Your Take On The IT Security Skills Gap)

User Rank: Apprentice
5/6/2014 | 11:01:18 AM
Re: Great profile, raises interesting questions
I have to admit that most of the InfoSec professionals I have met or worked with have come from one IT relevant field or another.  To be honest, I am also in that background category.

I fell into InfoSec by close association.  As a member (now retired) of the US military, InfoSec became second nature to the technical work I conducted.  A technician in the military lives a very regimented InfoSec life.  As such, it is not uncommon for the DoD IA professionals to be drawn from the systems technician teams.  The technical knowledge these people have gained by working in the field augments the capability to conduct the InfoSec work they must do.

I would not be surprised if this happens quite often outside of the DoD or Federal IT world.  System technicians often get tasked with applying InfoSec policy due to the technical nature of many controls.  The best InfoSec professionals I know have a deep technical background that allows them to see when systems technicians are blowing smoke.

Kelly Jackson Higgins,
User Rank: Strategist
5/5/2014 | 5:17:48 PM
Re: Great profile, raises interesting questions
That's an interesting question, Marilyn. I would love to hear from our readers if they have had similar paths, or know of some co-workers who have.
Marilyn Cohodas,
User Rank: Strategist
5/5/2014 | 9:18:15 AM
Great profile, raises interesting questions
I really enjoyed reading this profile, and it raises a really important question about the so-called skills shortage in InfoSec today. Is it still possible for someone to "fall into" a cybersecurity career, as Julie did, learn the ropes on the job and achieve success in a management position? 
