Ask the Expert

What is the best security training to advance a career in IT security?

In the security industry, there are tons of options for certification and training, but which are best when looking to advance your career? In this expert response, David Mortman explains what you need to know to climb the ladder.

    Requires Free Membership to View

    Login

Let's start with certifications. Certifications won't generally enhance your career in information security unless the job you're looking for requires them. So unless a certification is required, save your time and money and focus on more training. Training will give you actual skills that can demonstrate your value. Remember, training gives you knowledge and the beginnings of skills. Certifications say you remembered the requisite information long enough to get the minimal score necessary to pass a test -- they are not at all the same thing.

Without knowing where you are in your career and what skills you already have, I have a hard time recommending specific classes. In terms of enhancing technical skills, I've heard great things about the trainings offered at Black Hat prior to the briefings. I've also heard great things about the SANS security training classes, especially with regard to forensics. If those classes are outside your budget, there are lots of great websites and blogs you can study from, not to mention books. Check out the Security Bloggers Network and the Team Cymru News Feed. Both are great sources of information and will give you a fantastic overview of the best blogs in the industry to pick and choose from. Finally, you could try to set up a study group with other security professionals in your town to discuss a particular topic, sort of a book club for infosec pros. There are a number of national and regional information security user groups as well.

If you are interested in pursuing (or are already on) the security management track, I would avoid security classes altogether and instead consider business classes. A stronger understanding of how businesses work (and, in particular, how your employer works) will be a great benefit to your career. Such understanding can enable you to communicate with the business in terms that they understand; having a common language will give you the ability to get a lot more done. In addition to general management classes, it would be useful to take classes on finance -- at least enough to understand balance sheets, 10Ks and what not. Classes like this are generally available in the evenings at local universities and community colleges.

Finally, regardless of where you are in your career, I recommend that everyone work on their presentation skills, whether though formal classes, semi-formal organizations like toastmasters, or even by speaking regularly at local groups. Without the ability to communicate effectively to business executives and your security team, the rest of your training will go to waste.

For more information:

This was first published in August 2009

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top