October 7, 2015 By Kevin Beaver 2 min read

Security Professionals Are Masters of Their Domain

Over the years in my work as an independent information security consultant, I’ve had the opportunity to meet and work closely with many IT and security professionals. The people I’ve met always seem to have good control of their systems, often despite limited resources, including those involving professional development. It’s humbling to me, a guy who has to know a little about a lot, when I meet IT and security professionals who are masters of their environments — who know a lot about a lot.

However, one thing that has always stood out to me is the lack of formal training these professionals have — not only in the past but, more importantly, the absence of ongoing professional development today. I often attend some of the larger IT and security conferences such as RSA Conference and Interop, and it would appear that budgets are available and professionals are getting the information and exposure they need. However, in all my years talking with these people, I have yet to come across any one person or business that has a dedicated annual budget to IT and security training.

Support From Management Is Critical

I often hear: “There’s no money,” “there’s no time” and “there’s no one to back me up when I’m out.” Perhaps it’s a curse of working at midmarket enterprises and smaller startups, which make up most of my client base. I don’t believe it’s that simple, though. I think the main challenge with IT and security professional development goes back to one of the core reasons that we still struggle with security: a lack of managerial support.

Many executives (still, in 2015) don’t get IT and security; therefore, it’s not a priority for them. Or they assume that just because their staff members have certain degrees or certifications, or because they do technical work day in and day out, they will remain technically proficient and on top of things. This couldn’t be further from the truth. It could be argued that this lack of support is just as much the responsibility of IT and security professionals as it is business leaders, but that’s for another discussion.

The Need for Professional Development

The bottom line is that the fields of IT and information security are evolving rapidly — arguably faster than any other professional field. Look at the importance of these functions today: Businesses are fully dependent on things running smoothly. Yet it doesn’t appear, at least to me, that a proportionate allocation of resources goes toward keeping the very people responsible for these critical business functions properly educated.

Do what’s needed to get your subordinates, peers or even yourself out of the office and into some classes, seminars and conferences. Everyone you bump into at these events — from presenters and instructors to vendors and even other attendees — can have a positive impact. That’s good for the individuals attending, but it’s also great for the business overall.

More from Risk Management

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today