Home-Grown INFOSEC Professionals
Recently Marcia Wilson authored an article on how to become
an information
security professional. She raises an interesting topic.
Mentoring coworkers
in how to break into the INFOSEC career field can be a powerful
way to
bolster your security program. Here are a few tips:
1. Ask management to pay for all or part of the cost of
security
certifications (e.g. CISSP & CISA). If there are enough
people, it may make
sense to fund a CISSP boot camp course internally. Keep
in mind that many
ISACA chapters hold reasonably priced CISA prep courses
(e.g. $350 per
person for 8 sessions of instructor lead training).
2. Once you have management's support, discuss the availability
of
certification funding with coworkers. Give them tips on
how to prepare and
offer to help them study.
3. Ask management to recognize the accomplishments of newly
certified
personnel (e.g. employee of the month or a bonus).
4. Try to establish a career path for INFOSEC professionals
(e.g.
designation of site security representative, participation
in security
audits, raises and/or change of title).
5. The benefits of growing INFOSEC professionals in house
are numerous:
a. Funding security certifications demonstrates management's
commitment to
employees and the security program
b. New INFOSEC professionals are likely to advocate security
initiatives
and help support the program
c. As management recognizes newly certified personnel,
awareness is raised
as employees take notice
d. The above benefits overall help foster a culture of
security which
outweighs the cost of certifications.
Links to Marcia's article and more can be found below.
Kind regards,
Gideon
Gideon T. Rasmussen
CISSP, CISA, CISM, CFSO, SCSA
Wellington, FL
gideon@infostruct.net
How to Become an Information Security Professional
http://www.itmanagersjournal.com/article.pl?sid=05/11/15/2027247
Bob Moore Knows How to Get Hired
http://www.csoonline.com/read/060103/hired.html
Bob Moore Knows How Not to Get Fired
http://www.csoonline.com/read/060103/fired.html
Information Security Professional
http://www.gideonrasmussen.com/infosec-prof.html
Posted:
Tue Nov 29, 2005 11:41 pm
Copyright © 2002 - 2007 Gideon T. Rasmussen All Rights Reserved.
Legal Notices