How I Spent Friday

Posted April 9th, 2007 by

I was downtown teaching at the City Club of Washington.  It was my favorite day of the series: Security Test and Evaluation and Risk Management (SPs 800-42, 800-53A, and 800-30).

Earl Crane of ISM-Community fame jumped in at the last minute (I called him the day before) and gave a good hour's worth of presentation on Google hacking and the government.

One thing about the Potomac Forum FISMA Fellows program that is very important to understand:  It’s only for government employees.  The only contractors present are the instructors.  That means two things:

  1. We can teach at a very surprising level of depth because we’re not training our competitors.  It leaves the instructors with a bit of a bad aftertaste when you’ve trained somebody to “eat your lunch”.  By restricting the participants to government only, I can teach people exactly how I do things and give them examples to take home in a binder.
  2. Students can talk about particular scenarios in their agency without worrying that the information will go anywhere that it’s not supposed to.  There isn’t any press allowed, and no contractors trying to profit from your misfortune (I’m the world’s worst salesman).

Notice the need in there?  Each government agency is siloed into their own little information security management world and there isn’t really a community of peers among the practitioners.  That’s the niche that the FISMA Fellows program is addressing.

Secretly (Maybe not so secretly because it’s now public knowledge), I love it when people come to my classes and then go back to their agency where they become the “this is how you do it right” gadfly.  From time to time I wonder how many people hate me, even though they haven’t met me, simply because I taught their employees how to be a royal PITA.  The smart ones don’t hate me–they keep sending more people to be trained.



Posted in FISMA, NIST, Risk Management, Speaking, Technical | No Comments »

FISMA Fellows Spring Cohort

Posted February 14th, 2007 by

I’ll be teaching FISMA and the NIST Information Assurance Framework in March and April.  This event is restricted to only government employees.  We go down into significant depth and have numerous exercises.  You come out of the 5 days with the skills needed to function as an Information System Security Officer, Certification Agent, or Certification and Accreditation Project Manager.

FISMA Fellows



Posted in FISMA, NIST, Speaking | No Comments »
