Over my career I have discovered that experience is power. The wisdom that you gain working hands-on in the field can do wonders for your advancement.
Having attended the 2016 RSA Conference earlier this year, I couldn’t help but think about the value such security conferences bring to IT and security professionals and their careers, the value they bring to their colleagues and team members and, most importantly, the value brought to the business overall in terms attendees truly understanding what security is about.
I learned these lessons early on in my career while attending Novell’s BrainShare conference. Having attended that show five years in a row, I felt like I truly became an expert — not only in Novell’s products, but also in their implementation, management and overall integration into the businesses for which I was working at the time.
The Value of Security Conferences
Fast-forward to today and I get very similar benefits from the similar conferences and shows. For every year that passes working in information security, the more I realize what I don’t know about the field. Exposing yourself to keynote presentations and the vendors on the show floor is a great way to stay current. Additionally, attending specific sessions and rubbing elbows with experts in the field and your own peers is the only true way to stay current with the latest technologies, tools and methodologies necessary to be at the top of your security game.
Given how many people attend the RSA Conference, one would assume that virtually every information security professional would be in attendance. However, after talking with my clients and business colleagues, it seems that people who attend such shows are in the minority.
In fact, I have yet to come across an organization that has a specific budget for ongoing security training that provides the individuals in charge with the opportunity to attend conferences, classes and seminars. It blows my mind that the budgets are not allocated in advance, but it’s just as puzzling knowing how many IT and security professionals aren’t even interested in attending. If everything would crumble down because you simply leave the office for a few days, then you probably have bigger security problems. Do some knowledge transfer to a trusted insider or consultant to keep things afloat.
If anything, the mere act of getting away from the office will clear your head and do wonders for your insight and productivity. Solutions to your existing security problems might just be as close as a cross-country flight or quick one-on-one discussion with a security product vendor.
What You Can Do
I’m a firm believer that not much has changed regarding information security essentials over the past few decades. I do believe, however, that technologies and business needs are evolving. Integrating old-school security principles with today’s challenges is where the focus needs to be.
Do what you can to send your staff members to security conferences. Make it a budget line item that gets replenished every year. If you’re in charge of your own training, do what you can to make the case to invest the time, money and effort away from the office. The RSA Conference even has a page dedicated to this subject to help you get started.
You don’t have to go to every big security conference every year. There are local shows that can help fill in the blanks. Just make sure that you’re attending events periodically and consistently over time. It’s the only proven way to take your skills up several notches in such a short period and with a relatively small investment.
Independent Information Security Consultant