Home-Grown INFOSEC Professionals

Recently Marcia Wilson authored an article on how to become an information security professional. She raises an interesting topic. Mentoring coworkers in how to break into the INFOSEC career field can be a powerful way to bolster your security program. Here are a few tips:

1. Ask management to pay for all or part of the cost of security certifications (e.g. CISSP & CISA). If there are enough people, it may make sense to fund a CISSP boot camp course internally. Keep in mind that many ISACA chapters hold reasonably priced CISA prep courses (e.g. $350 per person for 8 sessions of instructor-led training).

2. Once you have management's support, discuss the availability of certification funding with coworkers. Give them tips on how to prepare and offer to help them study.

3. Ask management to recognize the accomplishments of newly certified personnel (e.g. employee of the month or a bonus).

4. Try to establish a career path for INFOSEC professionals (e.g. designation of site security representative, participation in security audits, raises and/or change of title).

5. The benefits of growing INFOSEC professionals in-house are numerous:

a. Funding security certifications demonstrates management's commitment to employees and the security program

b. New INFOSEC professionals are likely to advocate security initiatives and help support the program

c. As management recognizes newly certified personnel, awareness is raised as employees take notice

d. Overall, the above benefits help foster a culture of security, which outweighs the cost of certifications.

Links to Marcia's article and more can be found below.

Kind regards,

Gideon

Gideon T. Rasmussen
CISSP, CISA, CISM, SCSA
Wellington, FL
http://www.virtualcso.com

http://www.infosecresources.com
http://groups.yahoo.com/group/insider-threat


How to Become an Information Security Professional
http://www.itmanagersjournal.com/article.pl?sid=05/11/15/2027247

Bob Moore Knows How to Get Hired
http://www.csoonline.com/read/060103/hired.html

Bob Moore Knows How Not to Get Fired
http://www.csoonline.com/read/060103/fired.html

Information Security Professional
http://www.gideonrasmussen.com/infosec-prof.html


Posted: Tue Nov 29, 2005 11:41 pm
