Comments
The Troubling Decline Of IT Security Training
LancefreeL028,
User Rank: Apprentice
12/24/2013 | 6:40:12 AM
Re: People are the problem
I agree we need training. Keep up the good work

 

HaileyMcK,
User Rank: Apprentice
11/19/2013 | 10:00:21 AM
People are the problem
Thanks for posting this. You make an incredibly important point. Human ignorance is the biggest tool that hackers use to get access to the networks and systems they target. Users need consistent, targeted reminders about security best practices, and IT professionals need to understand the emerging threat landscape. We need training!
Li Tan,
User Rank: Ninja
11/19/2013 | 8:39:42 AM
Re: Security Training In Any Industry Is Lacking
I think there is no universal standard for the good skill set of an IT security professional. The certificate itself is not much more than a piece of paper. Field experience is a really necessary and highly valued asset. Furthermore, as an IT security professional, business sense is necessary. You can never build a 100% impeccable security system, but what you need is a system that fulfils the real business security needs.
tsdoaks,
User Rank: Apprentice
11/18/2013 | 8:45:11 PM
Re: Bigger than IT alone
@snunyc: Targeted training or targeted involvement in very business oriented processes via projects would be invaluable. As elementary as this may sound, there is nothing like C level bonding over a large, complex project (cohesive team aligned with a goal). Everyone learns (and suffers) in a way that can build long lasting relationships. Using your understanding of your (business) audience/motivation can make business cases more relatable. But to your point - you must first understand your business.
Susan_Nunziata,
User Rank: Strategist
11/18/2013 | 8:14:33 PM
Re: Bigger than IT alone
@tsdoaks: That's excellent advice, and I think for many CIOs and IT execs the CFO is probably more likely seen as someone to steer clear of rather than work on having in your corner.

Makes perfect sense, though, as does your insight into approaching security from a pure business standpoint. There is a body of research, in addition to information about breaches at your competitors, to draw from in building the business case for security expenditures.

Making that business case can be challenging for some, though. As you rightly note: As a CIO and CISO, it's important that we are able to articulate that clearly and persuasively enough that it doesn't smell like another IT expenditure for the sake of IT.

Does it help, then, for a CIO or CISO to have had some training in a business program? I'm not suggesting a full-blown MBA, just perhaps some targeted training that might help in this regard. What are your thoughts on that idea?
tsdoaks,
User Rank: Apprentice
11/18/2013 | 7:51:27 PM
Re: Bigger than IT alone
@snunyc: Surprisingly one of the best allies to have is the CFO (to whom I did not report). In our organization the annual financial audits included human behavior regarding security of financial data. She had a vested interest just as I did in making sure we had proper training for IT security personnel as well as the security awareness for all employees. It didn't hurt that she could advocate for me in meetings with the other C-level peers. Who better to have in your corner? The key was finding common ground. In our organization, data is king. If we no longer received data from the feds due to our inability to protect it, we all lost. As a CIO and CISO, it's important that we are able to articulate that clearly and persuasively enough that it doesn't smell like another IT expenditure for the sake of IT.
Susan_Nunziata,
User Rank: Strategist
11/18/2013 | 4:47:01 PM
Re: Bigger than IT alone
@tsdoaks: Nice work here: We found that developing the right relationships, educating staff, and publicizing the value of IT security may be a way of shaking loose some budget dollars for training.

Thanks for sharing that. Can you tell us more about what the right relationships are? I agree 100% getting the C-suite to "see the light" is essential. What other relationships should IT security execs work on developing throughout their organizations? 
ANON1234185168628,
User Rank: Apprentice
11/18/2013 | 1:43:03 PM
Re: Security Training In Any Industry Is Lacking
There is a real shortage of IT security skills across most enterprises, not only in federal government, but in commercial industry. One of the biggest issues is what credentials we accept to prove that the security professional has the necessary skills -- the CISSP is the standard at the moment, but there is a lot of disagreement about what skills security pros need to have, and how they can prove their experience in a credible fashion. What skills/credentials does your organization look for when hiring?

Tim Wilson, editor, Dark Reading
tsdoaks,
User Rank: Apprentice
11/17/2013 | 11:53:36 AM
Re: Bigger than IT alone
You are spot on. The behavioral science/psychology associated with (IT) security is often overlooked. However, federal government standards and audits include the management and enforcement of the security policies that focus on these behaviors. Granted, there are tools and processes that can identify risky behaviors (don't click here!) but a better trained IT security professional may not necessarily improve the outcome. A more aware and educated organization may. The entire organization (and certainly its leadership) has to make security a priority for budgets to open up to additional IT security training dollars. And to your point, that generally doesn't happen until something catastrophic occurs. All may not be lost! We found that developing the right relationships, educating staff, and publicizing the value of IT security may be a way of shaking loose some budget dollars for training. Sadly, using the breaches of other agencies has also provided some leverage when comparing similar weaknesses. Lastly, having the C-level across the org agree to include annual security training/compliance/testing as a condition for employment helped mitigate those behavioral risks and bring the IT security discussions to the forefront of everyone's thinking. This approach made it easier to obtain training dollars.
DavidLawrence2,
User Rank: Apprentice
11/16/2013 | 6:21:23 PM
Re: Security Training In Any Industry Is Lacking
Have to agree with you here. I teach students at the Graduate Level and while I teach project and program management, many of the students are in the Information Security track. Many of them have approached me for career advice. While there are many jobs in the field, the vast majority are looking for people with experience - but given the clearances and complexities of security it is hard to get starting jobs or internships to get the experience.