Week 7: Training yourself and your IT staff

It's hard to find the time in a busy schedule for training and/or classes on infosec. Here are some tips to help you keep your skills sharp and up to date.

This Content Component encountered an error

When:
Two or three times a year

Why:
When vulnerabilities are discovered hourly, new technology comes out weekly, and computing power doubles every 18 months, staying current is vital.

Strategy:
Bosses want the brightest, but they don't want to pay to maintain that high-caliber expertise. You have to find a way to stay current in spite of those who believe the training is too expensive and you won't be there should something go wrong.

My favorite training is the conference -- for minimal cost, and in a concentrated time period, you learn the latest tools and technology and reinforce what you know. How do you convince your employer to send you? 1) Educate yourself on the conference. Pinpoint specific sessions you want to attend and show how they will benefit your company. 2) Know the cost: airfare, hotel, food, rental car, conference fee, etc. 3) Write a concise memo, attach it to your brochure and present it to your boss, also including:

  • Networking opportunities you'll have with peers who share similar challenges
  • Suppliers/equipment companies you plan to meet
  • How long you will be gone and how operations will continue in your absence
  • A date for a trip report with your boss upon your return

Ways to keep training costs down:

  • Attend a conference within driving distance.
  • Check out conferences that offer lower group rates or a lower fee for registering early.
  • Offer to speak on a subject relevant to the conference; often you'll get free admission to the conference, and sometimes travel and hotel compensation. Favorite topics are case studies, lessons learned, new technology, how to and solutions found.
  • Host your own conference. Facilities use often comes out of a different budget, and your boss may be agreeable to the exposure for the organization and the learning opportunities.

More information:

Many organizations often have expos and free sessions, and many security and technical professional groups have security conferences throughout the year -- many for less than the cost of a college class. Some of them are:

http://www.issa.org
http://www.misti.com
http://www.isaca.org
http://www.infosecurityconference.techtarget.com
http://www.gocsi.com
http://www.sans.org
http://www.blackhat.com
http://www.afcea.org

About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to securityplanner@infosecuritymag.com

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

Last week:Your information security education, training and awareness program
Next week: Reviewing your policies and procedures

This was first published in January 2004
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close