Periodically, articles are published that recommend skills to information security professionals to help them become more productive at work. I would like to focus on a recent article published on cio.com titled, 10 Critical Security Skills Every IT Team Needs. The article recommends the top ten skills that every security professional should have in order to become more productive which are: security tools expertise, security analysis, project management, incident response, automation/devops, data science and analytics, scripting, soft(er) skills, post-mortem deep forensics and passion. Some skills, like passion, obviously cannot be taught in any classroom but that’s not the case with some of the others. These are the skills that I think our chapter can provide to give our members more value in the workplace.
Currently, many universities and professional training centers do not offer courses in what may be considered as “minor” skills even though these skills are highly valued in the workplace. Take architecture or engineering for example; many companies not only want general information security experience but they are also asking for specific tools or techniques that may not be offered in any classroom. While we obviously know that it is impossible to learn even the basics of every tool on the market
Another problem is how to effectively communicate one’s credentials to a hiring manager either through a resume or during an interview. If there is a shortage of infosec professionals then why is it that so many infosec job seekers have trouble finding work? The likely reason is because hiring managers were looking for the wrong skill sets and, therefore, weren’t persuaded of a candidate’s qualifications. That is understandable since hiring managers are often not security professionals themselves but the problem persists. Many IDS tools, for example, are not open source and are not available for interested professionals to download, test and learn.
Education is one of our chapter’s primary objectives which is why we’re creating a new program called Peer Education—Experts Teaching Experts. The purpose of this program is for our expert members to teach newcomers in job search and resume enhancement techniques and specific security skill sets including vendor products or services with the purpose to help less skilled members obtain valuable skills to improve their chances of finding a job.
As a non-profit organization, we respect the need to separate vendor marketing from education so the board is in the process of developing requirements to ensure that the topics presented are pure education—no marketing will be permitted.
Starting in January, our chapter will be hosting meetings at the UT Thompson Conference Center on the third Tuesday of the month. We have reserved the conference center for the entire day so this gives us an opportunity for to offer these classes. We ask all members to consider volunteering to present security-related topics based upon their experience as infosec experts. As a community, we have always believed in sharing our knowledge with others. This program will enable us to make that desire possible.
ISSA, Capitol of Texas Chapter