Saturday, April 3, 2010

Note taking for CISO's

I have found note taking to by my way of staying at a relatively stable level of sanity.

The first key to successful note taking is that all my notes go into one (Moleskine) book (get them at your local Barnes and Noble stores). It has a hard cover and heavy paper and goes with me wherever I go. Because I have a tendency to capture complex thoughts in diagrams, my choice is the book with blank paper (no lines), but pick what suits your fancy. Each book has 240 pages, which is enough to capture between 6 months and 9 months of my notes.

Colleagues in meetings lovingly refer to it as my little black book (with the DefCon sticker on the front). Because all your notes will be in the book, you'll always have them all.

The second key to successful note taking is to find a good pen. Don't use the $.79 disposable one, but pick one that really is set to your hand. I use Parker Sonnet fountain pens with black ink and a medium-sized nib. Because the Moleskins have heavy paper, the ink doesn't bleed through the pages.

Next, note taking etiquette. Mark every meeting with the title of the meeting (e.g. CIO briefing), the date and a page number (with total page count). Even if you don't take any notes during the meeting, you'll have record of the fact that you attended.

Here are some tips that I have found useful:

Hyphenated list elements: reserved for items I need to bring to the table. For most meetings, I reserve one page ahead of time. While I do other things, I may add list items to the page reserved for that meeting before the agenda actually comes out (if there is one).

Square boxes: reserved for action items I need to follow up on. When the action item has been completed, check it off. Flipping back through the most recent pages of your book will always give you your latest action items that still needs to be addressed.

A typical note page will look something like

-------------------------------------------------------------------------------------------------------------
Managers Status Updates     04/01/2010    1/2

- update: MS OOB
- Vulnerability scan results sucked.
- Firewall is on fire most of the day
- web coding must be improved; XSS are not part of the func. requirements
- please don't hack us next week, as we'll be on vacation

sysadmins: unexpected outage of internet uplink, failover worked

[ ] get details to rule out DoS

desktop grp: antivirus keeps on triggering false positives

[ ] schedule product review and eval alternatives during summer

cio: budget requests approved

[ ] go party
-------------------------------------------------------------------------------------------------------------


Keeping the notes brief and to the point will be enough to trigger your memory, but serves as record of what happened. Labeling them with the date and the title will allow you to quickly find the meeting that you are looking for and the page numbering is just good housekeeping.

Let me know how it played out:)

No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.