Experience | The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

Many of the people filling ISSO positions today did not start out to be ISSOs. For many, the ISSO position did not exist when they began their journey in InfoSec.

As with any person entering any profession for the first time, the challenges are many. How does one become an ISSO if the company or government agency wants a person with experience? The inexperienced candidates seem to never have the chance to gain that experience—the typical "Catch-22" situation. However, isn't that the same for all professions?

There are far too many excellent books on the market, books that specifically address the issues of job hunting and how to gain experience, for this author to deal with the subject in any great level of detail in this book. Suffice it to say that the reader can find many of these types of books at the local library, online through the Internet, and at the local bookstore. The important point is to get several of these books and articles, and use them to your advantage.

The best approach to take is to get experience anywhere and in any way you can. Many people fall into the trap of thinking that they can only gain the InfoSec experience they need by being employed in the profession by some company or government agency. If you can do that, that's great! However, what if you can't?

There are several other ways to gain related experience. There are many schools, ranging from elementary schools, to universities, to senior associations, that may need some type of help which is information systems-related. So, volunteer!

You can volunteer to help them with their computer needs. Sometimes the help needed may be as simple as helping to load new software on a microcomputer, or installing a new piece of computer hardware.

While you are doing your volunteer work, also volunteer to set up some access controls and audit trails. Maybe you can even volunteer to periodically review the audit trails for them to be sure that the systems aren't being abused or used for unauthorized purposes.

The main point is that it is a win-win situation. They get the help they need, while you gain the experience you need. You may be surprised to learn that many small companies would also greatly appreciate your volunteered assistance.

You can find such work by contacting various charitable organizations, or by discussing it with members of your church, city council members, local chamber of commerce, business associations, etc. Who knows, you may find that your volunteer work leads to consulting work or a permanent position.

So, volunteer! You'll not only be helping yourself, but maybe more importantly, others in need, your community, and your chosen profession.