October 7, 2015 By Kevin Beaver 2 min read

Security Professionals Are Masters of Their Domain

Over the years in my work as an independent information security consultant, I’ve had the opportunity to meet and work closely with many IT and security professionals. The people I’ve met always seem to have good control of their systems, often despite limited resources, including those involving professional development. It’s humbling to me, a guy who has to know a little about a lot, when I meet IT and security professionals who are masters of their environments — who know a lot about a lot.

However, one thing that has always stood out to me is the lack of formal training these professionals have — not only in the past but, more importantly, the absence of ongoing professional development today. I often attend some of the larger IT and security conferences such as RSA Conference and Interop, and it would appear that budgets are available and professionals are getting the information and exposure they need. However, in all my years talking with these people, I have yet to come across any one person or business that has a dedicated annual budget to IT and security training.

Support From Management Is Critical

I often hear: “There’s no money,” “there’s no time” and “there’s no one to back me up when I’m out.” Perhaps it’s a curse of working at midmarket enterprises and smaller startups, which make up most of my client base. I don’t believe it’s that simple, though. I think the main challenge with IT and security professional development goes back to one of the core reasons that we still struggle with security: a lack of managerial support.

Many executives (still, in 2015) don’t get IT and security; therefore, it’s not a priority for them. Or they assume that just because their staff members have certain degrees or certifications, or because they do technical work day in and day out, they will remain technically proficient and on top of things. This couldn’t be further from the truth. It could be argued that this lack of support is just as much the responsibility of IT and security professionals as it is business leaders, but that’s for another discussion.

The Need for Professional Development

The bottom line is that the fields of IT and information security are evolving rapidly — arguably faster than any other professional field. Look at the importance of these functions today: Businesses are fully dependent on things running smoothly. Yet it doesn’t appear, at least to me, that a proportionate allocation of resources goes toward keeping the very people responsible for these critical business functions properly educated.

Do what’s needed to get your subordinates, peers or even yourself out of the office and into some classes, seminars and conferences. Everyone you bump into at these events — from presenters and instructors to vendors and even other attendees — can have a positive impact. That’s good for the individuals attending, but it’s also great for the business overall.

More from Risk Management

2024 trends: Were they accurate?

4 min read - The new year always kicks off with a flood of prediction articles; then, 12 months later, our newsfeed is filled with wrap-up articles. But we are often left to wonder if experts got it right in January about how the year would unfold. As we close out 2024, let’s take a moment to go back and see if the crystal balls were working about how the year would play out in cybersecurity.Here are five trends that were often predicted for…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today