This post was originally published on the InfoSec Mentors blog on Tuesday, December 28, 2010
Guest Interview: Hadi El-Khoury and Jimmy Vo “Mentor & Mentee Q&A”
Today, our guest bloggers are Hadi El-Khoury and Jimmy Vo. Hadi and Jimmy are participants in the InfoSecMentors Project as mentor and mentee, respectively. This pair has been kind enough to keep us posted on their progress in the mentorship via updates on Twitter, and they have sent us the interview below where they both weigh in on several questions relating to mentoring in Information Security.
1. How long have you been in the program?
Jimmy: Hadi had indicated that we’ve been in the InfoSec mentor program for about 6 months. Time flies when you’re having fun.
Hadi: Indeed, mentoring Jimmy has been so enjoyable since he’s keen on pushing forward in real life the new ideas and concepts we’ve been discussing.
2. What are your backgrounds?
Jimmy: I am a recent college graduate from Richard Stockton College of New Jersey with my B.S. in Computer Science/Information Systems, specializing in an Information Systems concentration. The Information Systems concentration was more business orientated, which I found helpful already. I’ve worked part-time help desk positions during my undergrad studies. I’ve started my first full-time position as an IT Systems Analyst for a small business. I’ve always gravitated towards information security and had an interest in hacking. Most of my undergrad research was centered on information security. I’m currently attending Boston University for my M.S. in Computer Information Systems – Security Concentration.
Hadi: I hold a post-graduate degree in Network and Information Systems Security from the French Ecole Nationale Supérieure des Télécommunications. Prior to that, I graduated from the Beirut School of Engineering ESIB with a specialization in telecommunications. I am currently a Security Consulting Manager. For the last ten years, I’ve been dealing with information security and business continuity subjects on technical, organizational and business levels in line with ISMS (Information Security Management System) implementation while taking advantage of quality and business process management aspects for large financial institutions and critical private operators across Europe and the MENA region.
3. What were the main logistical challenges?
Jimmy: Hadi resides in Paris, France, so there is a six-hour time difference. Despite the time difference, we meet weekly via Skype. We usually chat for about an hour to an hour and a half about various topics, which I’ll go into in detail later.
Hadi: Indeed, since it’s often past midnight Paris time when Jimmy and I meet through Skype, I have to keep a Coke can by my side to regain some energy after a long day at work.
4. What were the covered topics? (Hard Skills)
Jimmy: One of my main focuses is business continuity planning. We developed a plan to create a business continuity plan which involved business process modeling, dealing with vendors in regards to SLA, coming up with metrics, determining risks, and various other BCP related topics.
We also discussed ways to improve an IT infrastructure, such as concepts like ITIL and other ISO standards. We also discussed various information security topics which deal with metrics, creating security awareness, OS hardening, integrating security into BCP, web application firewalls and securing the SDLC.
Hadi: I am always stressing the importance of bridging the gap between the various disciplines governing IT, HR, business process modeling, information security, business continuity, risk analysis, to name a few. Information security and business continuity are transversal by essence and should be dealt with as such.
5. What skills categories were covered? (Soft Skills)
Jimmy: A great amount of emphasis is focused on developing soft skills that are essential to my success. We discussed effective communication with other business units. Hadi discussed the importance of working across different “silos” in order to assist in my organization’s success. There was discussion on persuasion and negotiation techniques. We talked of project management techniques to prevent project failures. Our mentorship was more than being technically able; it was about being approachable and tightly integrating technical initiatives within an organization.
Hadi: The best “geek” in the world will remain unnoticed if he doesn’t possess a minimum of soft skills, namely the ones just mentioned by Jimmy. When it comes to information security and business continuity, organizations are so reluctant to change their approach that the battle won’t be won unless a significant load of soft skills is invested. To support this, I share the following quote from Wall Street Journal Deputy Managing Editor Alan Murray as he was discussing some of the lessons new managers can learn from his new book, “The Wall Street Journal Essential Guide to Management.” It reads: “Even best-managed companies aren’t protected from this destructive clash between whirlwind change & corporate inertia”. IMHO, corporate inertia will exclusively be defeated by soft skills.
6. What was the used approach? (use cases, transversality, feedback, …)
Jimmy: From my perspective, Hadi has coached me rather than taught me. We didn’t spend our Skype sessions going step by step through configuring an intrusion detection system. Our discussions are at a higher level, which worked very effectively for me. I can just read a manual or Google a tutorial on deploying an IDS. On the contrary, I can’t read a manual on convincing management on the requirement of an IDS. Sometimes Hadi will assign me “assignments” which we go over during the following meeting. We also discuss interesting InfoSec related articles and try to apply them.
Hadi: In addition, I’ll just mention the mindset changing “Security by Analogy” approach. Readers can find an excellent example at the ISECOM website. I personally love the Electrician example, since it constitutes IMHO the very basic foundation of Information Security and Business Continuity.
7. What were the quick wins? (ROI, …)
Jimmy: One of the quickest wins was learning how to deal with salary negotiations. This was a skill that wasn’t taught in college. In the end, I was able to negotiate for more benefits. I was able to implement some initiatives for my organization with the help of Hadi. I see the wins every day at my workplace because of the knowledge and coaching I’m receiving.
Hadi: Every Skype session with Jimmy is a quick win by itself since his motivation remains constant and his open mindset is ready to bust a new corporate silo. Jimmy is trying hard to tackle things properly each day despite corporate inertia. These are valuable assets for any wannabe Infosec practitioner.
8. What are the induced projects?
Jimmy: My experiences beginning my professional career and discussions Hadi had motivated me to start a blog called Above Technical (.com). There are many technical blogs that focus on the mechanics of technology and/or information security. These skills are very important but the soft skills to communicate with others in an organization are even more important. The blog is focused on what I learn and the tips I’ve gathered in hopes to post some useful content for others.
Hadi: Besides naturally contributing to Jimmy’s new blog, I’m evaluating the feasibility of a larger scale mentoring program that takes advantage of the InfoSecMentors experience along with online news aggregators.
9. What’s new on your bookshelves?
Jimmy: The newest book I’m reading is Yes! 50 Scientifically Proven Ways to Be Persuasive by Noah J. Goldstein, Steve J. Martin, and Robert B. Cialdini. It’s a book Hadi had recommended for me.
Hadi: Jimmy introduced me to the Toastmasters International website. I’m looking forward to delving into their leadership concepts.
You can find Jimmy Vo on Twitter: