I get a lot of enquiries from wannabes who, as they put it, want to “break into security“. I presume they see it as more interesting than the work they are doing.
The luminaries of our profession, be they CISSPs or people like Marcus Ranum and Bruce Schneier who lack such certifications, all came up the same way that Stephen Northcut did and many of us here did – the long way. And gained the practical experience and understanding of the issues along the way.
Northcut ends up saying
The biggest gap isn’t courseware or technology, it is management
Its too easy to interpret that as management being separate from InfoSec, that its management’s responsibility hire or train the Infosec people that are needed. But such would be a short-sighted view that
delegates InfoSec professionals to technical roles.
No, it is important that InfoSec professionals have (or learn) management skills.
Some engineering schools take the view that if you are choosing engineering as a profession then in a few years you will have a supervisory or a managerial role, and hence decide to teach some management fundamentals at the undergrad level. These may vary but when you look at them they seem like a mini-MBA course:
- management accounting and budgeting
- project planning and work breakdown
- teamwork skills
- report writing and presentation
In the long run, it is the development of those skills which enables a “engineer” to communicate and deliver and so have more influence and control over his career and work he does. technical skills may be
great, but unless you can show senior management why they are relevant and why they are of value to the organization you are not going to have a chance to exercise and develop them.
Sadly many are so set in the geek mentality and the “geeks vs suits” career-limiting outlook they don’t see how essential these skills are to Getting Things Done.
The real question though is “Mandarin or Cantonese?”
Related articles by Zemanta
- ISC2 Launches Virtual Seminars for Information Security Architecture, Engineering and Management Credentials (eon.businesswire.com)
- ISC2 Appoints Three New Members to Its Advisory Board of the Americas (eon.businesswire.com)
- Reflections on SANS ’99 New Orleans: Where It All Started (rationalsurvivability.com)