Professional Development (In General)
Here are tips to improve yourself as a professional. Following this path will make you more
effective in your current role. Pursuit of professional development also helps prepare you for
a future role and the benefits and rewards that come along with it.
Information Security Professional
Many people seek advice for how to become an Information Security (InfoSec) Professional. This page
grew out of e-mail to them and continues to change over time.
Time Management – Control and Efficiency
If your calendar is booked solid and e-mail fills your inbox, a time management system is necessary
to maintain order, improve productivity and maintain a healthy work-life balance. This approach
includes traditional time management techniques blended with pursuit of longer-term goals and
This PowerPoint slide is a good way to visually document a communications plan. If you find it of
interest, start with a piece of paper for ease of use. Write your initials in the center of the
paper and draw three circles around them.
How to Get Promoted
This page focuses on what you need to execute or deliver on to demonstrate leadership. It also
provides leadership qualities and practical advice to help prove you are 'ready now' for promotion.
Job Search Portfolio
This page focuses on how to prepare a job search portfolio. It includes tips for completing a
resume, a career profile slide and how to pull it all together in a portfolio.
Travel Tips: Local, In-Country and International
The need to travel often comes with short notice or when you're busy and do not have much time to prepare. This page
provides a proactive approach to travel, along with recommendations for gear and a checklist you can customize to your needs.
The end result should be travel with convenience and minimal discomfort.
Security Alerts and Threat Data (the Short List)
This content was created in response to a friend who asked for "the short list" of resources I use to keep current on
security news and the threat landscape.
Have You? (Best Practices)
This is a collection of my HaveYou best practices posts. Most of the advice addresses cybersecurity beyond frameworks.
Operational risk and professional development tips are also included.
InfoSec Coffee Break
An InfoSec Coffee Break is a security awareness technique to engage technologists and have meaningful conversations.
Discussions about process and control improvements occur organically. Coffee break calls also result in cultural change,
security advocacy and risk mitigation. Attendees learn along the way and keep current on emerging threats and
Annual Goals and Execution
Here are tips to establish annual goals to drive your program forward. It begins with a brainstorming meeting with the
team. Team members are given credit for their ideas. Program goals are distributed within performance plans. This
approach includes an Initiatives Portfolio to track goals to completion.
CISO Support Model
This is my slide for evaluating CISO opportunities. It can help frame a conversation with Human Resources.
Performance and Development Plans
Performance and development plans help you meet your career goals and can also maximize your chances for receiving a
healthy bonus at the end of the year. Here are five steps to drive your career forward...
Establish a portfolio website to present your work and help hiring managers evaluate you as a candidate. A
portfolio also distinguishes you from the competition. Take your personal branding to the next level and drive
opportunities towards you!
Getting Results with E-mail
Here are three tips to communicate clearly through e-mail. Your coworkers will be more likely to take action. These
techniques help influence and may result in less meetings.
Transitioning from the U.S. Military to a Civilian Career
Here is my advice to prepare for transition from the military to a career in a civilian company. Tips include
training resources, networking with veterans and how to prepare a career profile & a job search portfolio.
Meeting with the CISO
Cybersecurity professionals, here is my advice to meet with your CISO to discuss your career and professional
Career Advice for College Students
Here is my advice to prepare for a career after college. Tips include how to gain experience, resume, LinkedIn
profile, professional networking, career profile and job search portfolio.
When an Exec Asks: Are we Secure?
At least once or twice a year an executive will ask "Are we secure?". That is an opportunity to engage
and gain their partnership and support.
Value–Add of a Cybersecurity Program
This slide speaks to the value-add of a mature cybersecurity program. Supporting narrative provides additional
details. For some this may be aspirational, which is OK.
Zero Trust Controls Menu
Zero trust is a security model that accounts for adversaries within the network and insider threat. This page
addresses controls that can be selected within zero trust design.
This content was created for an executive who needed to conduct a quick evaluation of a cybersecurity
program in the first few days of joining a company. S/he wanted "a short list" of artifacts to review.
Cyber Threat Intelligence Program
Cyber threat intelligence provides visibility into the threat landscape. Threat intelligence should feed
implementation of security monitoring (looking forward) and threat hunting (looking backward). Take action
against new adversarial tactics to protect assets such as payments, sensitive data and intellectual property.
Always Be Closing!
This page provides tips to complete hard-charging performance goals before the end of the year. Always be
Risk Management – Cybersecurity
This slide provides an overview of risk management within a cybersecurity program. Supporting narrative provides additional
details. For some this may be aspirational, which is OK.