Problem solve Get help with specific problems with your technologies, process and projects.

Week 7: Training yourself and your IT staff

It's hard to find the time in a busy schedule for training and/or classes on infosec. Here are some tips to help you keep your skills sharp and up to date.

Two or three times a year

When vulnerabilities are discovered hourly, new technology comes out weekly, and computing power doubles every 18 months, staying current is vital.

Bosses want the brightest, but they don't want to pay to maintain that high-caliber expertise. You have to find a way to stay current in spite of those who believe the training is too expensive and you won't be there should something go wrong.

My favorite training is the conference -- for minimal cost, and in a concentrated time period, you learn the latest tools and technology and reinforce what you know. How do you convince your employer to send you? 1) Educate yourself on the conference. Pinpoint specific sessions you want to attend and show how they will benefit your company. 2) Know the cost: airfare, hotel, food, rental car, conference fee, etc. 3) Write a concise memo, attach it to your brochure and present it to your boss, also including:

  • Networking opportunities you'll have with peers who share similar challenges
  • Suppliers/equipment companies you plan to meet
  • How long you will be gone and how operations will continue in your absence
  • A date for a trip report with your boss upon your return

Ways to keep training costs down:

  • Attend a conference within driving distance.
  • Check out conferences that offer lower group rates or a lower fee for registering early.
  • Offer to speak on a subject relevant to the conference; often you'll get free admission to the conference, and sometimes travel and hotel compensation. Favorite topics are case studies, lessons learned, new technology, how to and solutions found.
  • Host your own conference. Facilities use often comes out of a different budget, and your boss may be agreeable to the exposure for the organization and the learning opportunities.

More information:

Many organizations often have expos and free sessions, and many security and technical professional groups have security conferences throughout the year -- many for less than the cost of a college class. Some of them are:

About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

Last week:Your information security education, training and awareness program
Next week: Reviewing your policies and procedures

This was last published in January 2004

Dig Deeper on Security Awareness Training and Internal Threats-Information

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.