JeffBolden.net

Sorry for the lack of updates the past month or so, and it’s not for lack of events to share. In fact, it’s been quite the opposite and I’ve just been too busy to check in. It’s funny how fast time moves by when you have a lot going on. =)

So, the big news for me is on the career front. As it turns out, about 4-5 weeks ago I left my glamorous jetsetting (ahh, sweet sweet sarcasm…) Internal IT Auditor position for some real RockStar status. I can hear all of you asking, “Jeff, what could possibly make me want to leave the excitement and thrills of internal IT audit?” Seriously though, the past 4 months or so I’ve been really examining my career and taking a long hard look at what I like and dislike in my day to day grind and came to the conclusion that being an auditor was not the direction I wanted to continue in. Add that to the fact that after working in the banking/finance industry now for almost 8 years I was quickly reaching the point of complete and utter PCI/GLBA/FFIEC burnout, and I could see the writing on the wall.

I like to keep my hands “dirty” so to speak and not being able to directly solve the security and IT problems I see on a daily basis was just too much for me. Quite frankly, I’m an ops guy, I like getting in and actually working on the tech. I knew that already, but sometimes it takes me longer to figure things out than others. =)

So, during this period of realization one day in April, I just happened to stumbled across my “dream opportunity”. I’ve always wanted to find a position where I could get in to a small startup on the ground floor and build a world-class IT dept/infrastructure from the beginning. Someplace small and nimble yet with the same IT needs and issues as the big boys. Someplace I could go that I didn’t have to worry about what FFIEC says, but how things really should be. Not “security for regulatory’s sake”, but real, common-sense security. After years of shaking my head at the PHB’s stupid IT decisions I wanted to go someplace I could “put my money where my mouth was” (so to speak) and see if I could do it better. Careful what you wish for… =)

So, the opportunity presented itself and things moved extremely quickly from there. Suddenly I’m no longer in banking, and I’ve had more fun in the past 4 weeks then I have in the previous 4 years! It’s been hectic and challenging as I shake off the rust on some of my technical skills, but I have not had this much enjoyment going to work in years.

The new position? Director of IT for an up and coming startup here in Portland called Iterasi. We’ve just gone beta, so be sure to check it out.

After a month or two of pretty regular study I finally got my Certified Information Systems Auditor (CISA) test done a week ago and then promptly took a much-deserved week off for vacation. Now comes the 10-week wait for the results. You would think in this day and age they could get you the results a little faster, but such is life I guess.

The test itself was one of the more difficult ones I’ve taken due to the subjectivity of the questions. There were too many questions where you had to make a decision on the “most right” answer, and it seemed to me like it tests your ability to decide what ISACA wants you to say more than your actual knowledge of the material. I’ve yet to fail a cert test, but I’m really unsure as to my success on this one.

As an FYI, I used the Sybex CISA Study guide and found it to be an excellent guide of the material. I also used the official ISACA CISA Test Question CD for review.

This is Jeff Bolden’s little corner of cyberspace and will be home to my professional life of Information Security in the upcoming months.