Over my career I have discovered that experience is power. The wisdom that you gain working hands-on in the field can do wonders for your advancement.

Having attended the 2016 RSA Conference earlier this year, I couldn’t help but think about the value such security conferences bring to IT and security professionals and their careers, the value they bring to their colleagues and team members and, most importantly, the value brought to the business overall in terms attendees truly understanding what security is about.

I learned these lessons early on in my career while attending Novell’s BrainShare conference. Having attended that show five years in a row, I felt like I truly became an expert — not only in Novell’s products, but also in their implementation, management and overall integration into the businesses for which I was working at the time.

The Value of Security Conferences

Fast-forward to today and I get very similar benefits from the similar conferences and shows. For every year that passes working in information security, the more I realize what I don’t know about the field. Exposing yourself to keynote presentations and the vendors on the show floor is a great way to stay current. Additionally, attending specific sessions and rubbing elbows with experts in the field and your own peers is the only true way to stay current with the latest technologies, tools and methodologies necessary to be at the top of your security game.

Given how many people attend the RSA Conference, one would assume that virtually every information security professional would be in attendance. However, after talking with my clients and business colleagues, it seems that people who attend such shows are in the minority.

In fact, I have yet to come across an organization that has a specific budget for ongoing security training that provides the individuals in charge with the opportunity to attend conferences, classes and seminars. It blows my mind that the budgets are not allocated in advance, but it’s just as puzzling knowing how many IT and security professionals aren’t even interested in attending. If everything would crumble down because you simply leave the office for a few days, then you probably have bigger security problems. Do some knowledge transfer to a trusted insider or consultant to keep things afloat.

If anything, the mere act of getting away from the office will clear your head and do wonders for your insight and productivity. Solutions to your existing security problems might just be as close as a cross-country flight or quick one-on-one discussion with a security product vendor.

What You Can Do

I’m a firm believer that not much has changed regarding information security essentials over the past few decades. I do believe, however, that technologies and business needs are evolving. Integrating old-school security principles with today’s challenges is where the focus needs to be.

Do what you can to send your staff members to security conferences. Make it a budget line item that gets replenished every year. If you’re in charge of your own training, do what you can to make the case to invest the time, money and effort away from the office. The RSA Conference even has a page dedicated to this subject to help you get started.

You don’t have to go to every big security conference every year. There are local shows that can help fill in the blanks. Just make sure that you’re attending events periodically and consistently over time. It’s the only proven way to take your skills up several notches in such a short period and with a relatively small investment.

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…