October 7, 2015 By Kevin Beaver 2 min read

Security Professionals Are Masters of Their Domain

Over the years in my work as an independent information security consultant, I’ve had the opportunity to meet and work closely with many IT and security professionals. The people I’ve met always seem to have good control of their systems, often despite limited resources, including those involving professional development. It’s humbling to me, a guy who has to know a little about a lot, when I meet IT and security professionals who are masters of their environments — who know a lot about a lot.

However, one thing that has always stood out to me is the lack of formal training these professionals have — not only in the past but, more importantly, the absence of ongoing professional development today. I often attend some of the larger IT and security conferences such as RSA Conference and Interop, and it would appear that budgets are available and professionals are getting the information and exposure they need. However, in all my years talking with these people, I have yet to come across any one person or business that has a dedicated annual budget to IT and security training.

Support From Management Is Critical

I often hear: “There’s no money,” “there’s no time” and “there’s no one to back me up when I’m out.” Perhaps it’s a curse of working at midmarket enterprises and smaller startups, which make up most of my client base. I don’t believe it’s that simple, though. I think the main challenge with IT and security professional development goes back to one of the core reasons that we still struggle with security: a lack of managerial support.

Many executives (still, in 2015) don’t get IT and security; therefore, it’s not a priority for them. Or they assume that just because their staff members have certain degrees or certifications, or because they do technical work day in and day out, they will remain technically proficient and on top of things. This couldn’t be further from the truth. It could be argued that this lack of support is just as much the responsibility of IT and security professionals as it is business leaders, but that’s for another discussion.

The Need for Professional Development

The bottom line is that the fields of IT and information security are evolving rapidly — arguably faster than any other professional field. Look at the importance of these functions today: Businesses are fully dependent on things running smoothly. Yet it doesn’t appear, at least to me, that a proportionate allocation of resources goes toward keeping the very people responsible for these critical business functions properly educated.

Do what’s needed to get your subordinates, peers or even yourself out of the office and into some classes, seminars and conferences. Everyone you bump into at these events — from presenters and instructors to vendors and even other attendees — can have a positive impact. That’s good for the individuals attending, but it’s also great for the business overall.

More from Risk Management

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

When you shouldn’t patch: Managing your risk factors

4 min read - Look at any article with advice about best practices for cybersecurity, and about third or fourth on that list, you’ll find something about applying patches and updates quickly and regularly. Patching for known vulnerabilities is about as standard as it gets for good cybersecurity hygiene, right up there with using multi-factor authentication and thinking before you click on links in emails from unknown senders.So imagine my surprise when attending Qualys QSC24 in San Diego to hear a number of conference…

CISOs drive the intersection between cyber maturity and business continuity

4 min read - The modern corporate landscape is marked by rapid digital change, heightened cybersecurity threats and an evolving regulatory environment. At the nexus of these pressures sits the chief information security officer (CISO), a role that has gained newfound influence and responsibility.The recent Deloitte Global Future of Cyber Survey underscores this shift, revealing that “being more cyber mature does not make organizations immune to threats; it makes them more resilient when they occur, enabling critical business continuity.” High-cyber-maturity organizations increasingly integrate cybersecurity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today