Security Professionals Are Masters of Their Domain

Over the years in my work as an independent information security consultant, I’ve had the opportunity to meet and work closely with many IT and security professionals. The people I’ve met always seem to have good control of their systems, often despite limited resources, including those involving professional development. It’s humbling to me, a guy who has to know a little about a lot, when I meet IT and security professionals who are masters of their environments — who know a lot about a lot.

However, one thing that has always stood out to me is the lack of formal training these professionals have — not only in the past but, more importantly, the absence of ongoing professional development today. I often attend some of the larger IT and security conferences such as RSA Conference and Interop, and it would appear that budgets are available and professionals are getting the information and exposure they need. However, in all my years talking with these people, I have yet to come across any one person or business that has an annual budget dedicated to IT and security training.

Support From Management Is Critical

I often hear: “There’s no money,” “there’s no time” and “there’s no one to back me up when I’m out.” Perhaps it’s a curse of working at midmarket enterprises and smaller startups, which make up most of my client base. I don’t believe it’s that simple, though. I think the main challenge with IT and security professional development goes back to one of the core reasons that we still struggle with security: a lack of managerial support.

Many executives (still, in 2015) don’t get IT and security; therefore, it’s not a priority for them. Or they assume that just because their staff members have certain degrees or certifications, or because they do technical work day in and day out, they will remain technically proficient and on top of things. This couldn’t be further from the truth. It could be argued that this lack of support is just as much the responsibility of IT and security professionals as it is business leaders, but that’s for another discussion.

The Need for Professional Development

The bottom line is that the fields of IT and information security are evolving rapidly — arguably faster than any other professional field. Look at the importance of these functions today: Businesses are fully dependent on things running smoothly. Yet it doesn’t appear, at least to me, that a proportionate allocation of resources goes toward keeping the very people responsible for these critical business functions properly educated.

Do what’s needed to get your subordinates, peers or even yourself out of the office and into some classes, seminars and conferences. Everyone you bump into at these events — from presenters and instructors to vendors and even other attendees — can have a positive impact. That’s good for the individuals attending, but it’s also great for the business overall.
