Originally posted by: SecPro
Originally posted by: Zugzwang152
Originally posted by: SecPro
Originally posted by: Zugzwang152
Security is one of the hottest fields in IT at the moment, with only growth predicted in the future... Surely there's others out there who practice security if not have it in their job title... So, I'm calling you all out. Let's make this forum something before it disappears into nothingness!
I guess you could call me an IT Security professional or maybe just a security professional. 20 years in the .mil, 7 of the last 10 as a Sysadm, network admin, ISSO. Last three not working full time in IT but I went to college and got a BS in MIS and an MS in Operations Management. Hired out of the .mil in 2004 by a major defense contractor as the Manager-IT Security, promoted to Sr. Manager last August and promoted to Director-Security last week when my boss suddenly resigned. I'm now in charge of all the Security for the entire division. I am a CISSP.
Very impressive! Kudos for coming out of the clockwork to join us!
I would love to pick your brain as far as how you're tackling some of the major problems I have on my plate.
If you're able to devulge, how big is your security staff vs. IT department size vs. company size?
I'll try to walk you through it. It's a bit convoluted.
We are are a 2 billion dollar division of a 24 bn dollar corp. Our div. is about 2300 people, 8 sites, seven states.
There are three distinct groups pertinent to this discussion. Company IT, Company Security, and Outsourced IT.
Company IT consists mainly of IT Management (Desktop, Infrastructure, Run $ Maintain, Projects) with a couple of Oracle Admins thrown in.
Company IT consists of both physical and IT security. 2 IT Security people, 12 physical security people, 70 person contract guard force all report to me, Director-Security, and I report to the VP-HR. The IT security people do not report to IT, they report to me.
Outsourced IT does all the desktop, mainframe, mid range, server, networking, etc support.