October 7, 2015 By Kevin Beaver 2 min read

Security Professionals Are Masters of Their Domain

Over the years in my work as an independent information security consultant, I’ve had the opportunity to meet and work closely with many IT and security professionals. The people I’ve met always seem to have good control of their systems, often despite limited resources, including those involving professional development. It’s humbling to me, a guy who has to know a little about a lot, when I meet IT and security professionals who are masters of their environments — who know a lot about a lot.

However, one thing that has always stood out to me is the lack of formal training these professionals have — not only in the past but, more importantly, the absence of ongoing professional development today. I often attend some of the larger IT and security conferences such as RSA Conference and Interop, and it would appear that budgets are available and professionals are getting the information and exposure they need. However, in all my years talking with these people, I have yet to come across any one person or business that has a dedicated annual budget to IT and security training.

Support From Management Is Critical

I often hear: “There’s no money,” “there’s no time” and “there’s no one to back me up when I’m out.” Perhaps it’s a curse of working at midmarket enterprises and smaller startups, which make up most of my client base. I don’t believe it’s that simple, though. I think the main challenge with IT and security professional development goes back to one of the core reasons that we still struggle with security: a lack of managerial support.

Many executives (still, in 2015) don’t get IT and security; therefore, it’s not a priority for them. Or they assume that just because their staff members have certain degrees or certifications, or because they do technical work day in and day out, they will remain technically proficient and on top of things. This couldn’t be further from the truth. It could be argued that this lack of support is just as much the responsibility of IT and security professionals as it is business leaders, but that’s for another discussion.

The Need for Professional Development

The bottom line is that the fields of IT and information security are evolving rapidly — arguably faster than any other professional field. Look at the importance of these functions today: Businesses are fully dependent on things running smoothly. Yet it doesn’t appear, at least to me, that a proportionate allocation of resources goes toward keeping the very people responsible for these critical business functions properly educated.

Do what’s needed to get your subordinates, peers or even yourself out of the office and into some classes, seminars and conferences. Everyone you bump into at these events — from presenters and instructors to vendors and even other attendees — can have a positive impact. That’s good for the individuals attending, but it’s also great for the business overall.

More from Risk Management

How TikTok is reframing cybersecurity efforts

4 min read - You might think of TikTok as the place to go to find out new recipes and laugh at silly videos. And as a cybersecurity professional, TikTok’s potential data security issues are also likely to come to mind. However, in recent years, TikTok has worked to promote cybersecurity through its channels and programs. To highlight its efforts, TikTok celebrated Cybersecurity Month by promoting its cybersecurity focus and sharing cybersecurity TikTok creators.Global Bug Bounty program with HackerOneDuring Cybersecurity Month, the social media…

Roundup: The top ransomware stories of 2024

2 min read - The year 2024 saw a marked increase in the competence, aggression and unpredictability of ransomware attackers. Nearly all the key numbers are up — more ransomware gangs, bigger targets and higher payouts. Malicious ransomware groups also focus on critical infrastructure and supply chains, raising the stakes for victims and increasing the motivation to cooperate.Here are the biggest ransomware stories of 2024.Ransomware payments reach record highRansomware payments surged to record highs in 2024. In the first half of the year, victims…

83% of organizations reported insider attacks in 2024

4 min read - According to Cybersecurity Insiders' recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising than this statistic is that organizations that experienced 11-20 insider attacks saw an increase of five times the amount of attacks they did in 2023 — moving from just 4% to 21% in the last 12 months.With insider threats on the rise, it’s critical for businesses to recognize the real dangers that originate from inside…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today