EDUCAUSE Security Professionals Conference 2006. Summary: The Path to Becoming a Security Professional

The Path to Becoming a Security Professional
Andrea C. Hoy
President, Orange County Chapter of the Information Systems Security Association (ISSA)
Notes from the 2006 Security Conference Closing General Session
Security org charts vary from organization to organization, and your reporting structure can help or hinder you in your work and career growth. A critical factor is “who is your boss and who that person is.” Most of the time it is the long-known factor of working relationships (who you know, not what you know) that helps one’s professional work and development.
There are many reporting paths for security professionals.  All have pluses and minuses.  Take a look at your reporting path.  Does your path up go to the right people?  Does your path down go to the right people?  Can you communicate your work appropriately?
Most of the time, those you are working for do not know what they want, so you will need to tell them what they need to know. At the same time, they all know what they don’t want to know, so you need to figure that out in advance and couch your messages appropriately. Institutions need to know their vulnerability, so risk assessments are important; however, some institutions don’t want to know because they think it makes them “look bad.” How will you handle these kinds of issues?
Establishing policies for your work is important, especially regarding which outside requests you will respond to and how. For example, no one likes email discovery requests, so you need good policies to protect you.
Even if your organization and your boss understand that information security is important, most will not understand what they need and what it will cost. Job descriptions for professional security positions vary widely and can include many different aspects. An annual survey notes that CISO/CSO/CRO is now considered a strategic, permanent position by 58% of the respondents. Forty-nine percent now believe that information security is a business enabler and essential to business, and that it is no longer just an overhead cost.
CISCO Forum 2006 statistics:
  • Academic degree – 100%
  • JD – 1 of 56
  • MBA / masters – 19 of 56
  • PhD – 2 of 56
  • CISSP – 99% (security professional)
  • CISA – 7% (auditing)
  • CPP – 3% (physical security)
  • CISM – 13% (manager)
The presentation slides are available at
