Monday, February 27, 2012

Tidal Wave of Security Knowledge

Courtesy of http://randomwikipedia.blogspot.com/
If you are like me, you are probably thinking, "How the heck am I supposed to fit all this security know-how into this tiny skull?"  Yes, like the caveman, I'm feeling mighty primitive about now trying to improve myself so I can be a better security practitioner and more useful as a business component to my organization.

Here's a bit of advice I'm taking for myself.  Learn policy first.  Procedures and technology change constantly.  Policy is a slow-moving target; a lame duck if you will.  Some of the first things I'm targeting for reading are policy handbooks and security management practices.  Then I figure I'll learn the technology tools once I've understood the meaning of the policies and their intent.  I can't convince my group to do anything unless I can appear confident enough to understand policy.

On my wish list for reading are the DIACAP Handbook, the ISO 27000 series, and NIST Pubs.  I've got an assortment of textbooks that should keep me very busy for the next year.  I'll share any particularly driving excerpts I find here.
