Name: Ed Zeitler
Title/Employer: Executive Director for (ISC)
Age: 63
Education/certifications: Bachelor's in Math, Master's in Systems Engineering, Certified Information Systems Security Professional (CISSP'), have held brokerage Series 6 & 7 licenses
Tenure in IT industry: 39 years
First ever tech job:
Computer operator for the data center at the University of Arizona. Later on I fell into the field of IT by accident. At the time, I was an engineer at Rockwell working on radar systems and the shuttle's operating systems when I heard they were looking for someone who could manage the performance/configuration of the data center. My recent schooling was perfect for the job and I made the move from engineer to IT.
Current role:
Manage the functioning of a global 50,000-plus member certification body, which involves, among other things, candidate testing, member support, credential maintenance, and education programs. (ISC)'s mission is to professionalize the practice of information security. I work with a wide variety of organizations, information security professionals, academic bodies, and other stakeholders to achieve that mission and to build awareness of the value of information security certification and education.
|
|
|
For more expert career advice and articles on
career issues and topics, visit TechCareers.
| |
|
|
|
What's been your best job and why?
My present job, because I'm in a position to make decisions that make a difference both within the company and in the profession.
What do you think is the number one non-IT skill security professionals need today?
Solid business sense and an understanding of your organization's risk appetite.
What do you credit your career success to /
A mix of a general and technical education, varied professional experience (by working in different industries), and business sense are all important. Also, I've been fortunate to be in the right place at the right time. I've gotten to be both witness to and participant in the evolution of the profession at the same time. When I started in information security, it was a small technical job within a data center. Over the course of my career, I've been able to grow to CISO status within several global corporations.
What are the top three skills a high-level security professional needs today?
In order of priority, ability to communicate, manage people, robust technical knowledge.
What is the biggest difference of working in IT security today than say 10 years ago?
Professionals have more responsibility and growing visibility as the profession has come out of the back office data center and reached senior management levels. Information security is more connected with business risks.
What's your favorite IT resource site and why?
As a CISO, I used the SANS Internet Storm Center because they had the most current information and I could receive urgent updates at my computer.
What is the best career advice you've ever received?
I've largely had to find my own way, much like many folks starting out in this field 20 years ago. I can't recall any specific advice, but I've learned along the way that no matter what position you're in or who you work for, it's critical to maintain your integrity.
What's the top advice you'd give to a new IT staffer?
Come out of your IT comfort zone! Don't hide behind your technical skills. Develop outside interests and cultivate people skills and relationships. Also, maintain your professionalism and integrity at all costs. If your integrity is questionable, it doesn't matter how much you know. I know some brilliant people that I would not hire.
What would you advise someone looking to find the type of role you have or have had in the past?
If you're going to move ahead, you need to be a leader and be able to make a difference. One vehicle to assist in achieving a senior position is to obtain an (ISC) certification, such as the CISSP, which provides employers with an objective measure of knowledge, skills and experience. When I was doing a technical job at Rockwell, I found that I would generate a report or proposal or offer a recommendation, which the managers would present in a meeting I wasn't invited to and come out with a decision that not only didn't make sense but wasn't the best course for the company. The only way to be effective at your job (i.e., to protect the organization) is to make sure that you're part of the decision-making process. You can stay technical all your life, but if you do, you'll miss out on the opportunity to effect real change in your company.
What is the one career decision you would change if you could?
I regret not finishing my Ph.D. My dissertation was on statistical analysis of computer operating systems. I used a simulator, and they wanted a chapter written on the certification of the simulator. I didn't feel that was required, and I was tired of the process. The day after my oral exam, a moving van took my things and moved me to my new job at Rockwell.
If you had the choice to jump into any other job, tech or non-tech, what would it be? Professional pilot.
Other recent articles from TechCareers
Career Profile: IT Leader
President/CEO, R & H Security Consulting LLC
Become a member to take advantage of more features, like commenting and voting.
Register or sign in today!