Thanks so much for all the responses – sorry I haven’t replied, I went away last night, and only just had a chance to login for my daily STW fix! :-)
Basically, I wont lie – I ‘fell’ into the role about 18 months ago. I’ve been at the company I work for for 7 years, and our IT Director was heavily involved in implementing our ISO27001 certification, and the maintaining of it was too much for him to do as well as his actual IT Director role. So I had just finished a major project I was working on in another department, and then I began to help with the ‘maintenance’ of our ISO27001 certificate and keeping all the other security related policies and controls up to date. So I’m very much on the ‘governance’ side of information security – e.g. I’ve got a good knowledge on the ISO27001 standard (passed a Lead Auditor exam with BSI in July :-) ) however knowledge is VERY much lacking in the technical nitty gritty.
As my role has developed, I now manage our ISO 27001 certification, and deal with all the audits etc – so I really need to get some general network infrastructure knowledge embedded into my brain if i’m going to be able to progress my career.
My money’s on public sector.
^ I wish haha, give me 30-odd holidays anytime!!
At least you can take comfort from the fact that they don’t see IS as a risk in your company
^ We have an in-house Certified Ethical Hacker, conduct external pen tests on all our systems every 6 months, and hold over a Billion records in total…believe me, IS is one of our most-considered risks!
I’m going to look into the CISM course I think, because like someone mentioned above, it’s slightly higher level which will suit me more. Also, great suggestion about the CISSP revision notes, looks like i’m going to have some reading over Xmas!