Week 7: Training yourself and your IT staff

When:
Two or three times a year

Why:
When vulnerabilities are discovered hourly, new technology comes out weekly, and computing power doubles every 18 months, staying current is vital.

Strategy:
Bosses want the brightest, but they don't want to pay to maintain that high-caliber expertise. You have to find a way to stay current in spite of those who believe the training is too expensive and you won't be there should something go wrong.

My favorite training is the conference -- for minimal cost, and in a concentrated time period, you learn the latest tools and technology and reinforce what you know. How do you convince your employer to send you? 1) Educate yourself on the conference. Pinpoint specific sessions you want to attend and show how they will benefit your company. 2) Know the cost: airfare, hotel, food, rental car, conference fee, etc. 3) Write a concise memo, attach it to your brochure and present it to your boss, also including:

• Networking opportunities you'll have with peers who share similar challenges
• Suppliers/equipment companies you plan to meet
• How long you will be gone and how operations will continue in your absence
• A date for a trip report with your boss upon your return

Ways to keep training costs down:

• Attend a conference within driving distance.
• Check out conferences that offer lower group rates or a lower fee for registering early.
• Offer to speak on a subject relevant to the conference; often you'll get free admission to the conference, and sometimes travel and hotel compensation. Favorite topics are case studies, lessons learned, new technology, how to and solutions found.
• Host your own conference. Facilities use often comes out of a different budget, and your boss may be agreeable to the exposure for the organization and the learning opportunities.

More information:

http://www.issa.org
http://www.misti.com
http://www.isaca.org
http://www.infosecurityconference.techtarget.com
http://www.gocsi.com
http://www.sans.org
http://www.blackhat.com
http://www.afcea.org

About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to securityplanner@infosecuritymag.com

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

Last week:Your information security education, training and awareness program
Next week: Reviewing your policies and procedures

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Weekly Security Planner,   Security Awareness Training and Internal Threats,   Information Security Management,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Weekly Security Planner Weekly Security Planner: April Weekly Security Planner: March Weekly Security Planner: January Weekly Security Planner: February Weekly Security Planner: December Weekly Security Planner: November Weekly Security Planner: September Weekly Security Planner: October Weekly Security Planner: August Weekly Security Planner: June Security Awareness Training and Internal Threats Health Net breach failure of security policy, technology Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Secure your remote users in 2010 Layoffs prompt insider threat fears, cybersecurity survey finds How to use Internet security threat reports Creating a HIPAA employee training program Successful rogue antivirus hinges on social engineering External attacks start with unintentional mistakes, survey finds Security technologies fail to address insider threat management RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary dumpster diving  (SearchSecurity.com) Honeynet Project  (SearchSecurity.com) insider threat  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) pretexting  (SearchCIO.com) shoulder surfing  (SearchSecurity.com) single-factor authentication (SFA)  (SearchSecurity.com) social engineering  (SearchSecurity.com) Total Information Awareness  (SearchSecurity.com) trusted computing  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.