Conferences and Training | The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

To prepare yourself for an ISSO position, try to complement your education with as much training as possible. There are numerous associations, consultants, and companies which provide training classes, workshops, and conferences covering the entire field of InfoSec. None are very cheap—though of course that is relative—but they do provide opportunities to gain firsthand knowledge on the many InfoSec topics.

These InfoSec topics range from the administrative, nontechnical aspects of InfoSec to the technical. One can find many of these conference and their agendas by looking online at related associations' Web sites, such as those of the Information Systems Security Association (ISSA) or the MIS Training Institute (MISTI).

These training courses and workshops also give you the opportunity to find out what works and what does not work. This will come in handy some day when you become an ISSO. You won't have to learn the hard way—by experience. Don't concern yourself with the "not-invented-here" syndrome. Learn from the mistakes of others and apply what will work for you, your career, and your InfoSec program!

Remember, it's not where you get your information or methodology, it's whether or not you successfully apply it. Your company is interested in results. So, be results-oriented!

Before attending any conference or workshop, which provides a choice of courses on various topics, you should know what up-to-date information you are lacking. Then be sure to attend those courses. Also, be sure to ask questions. The purpose of the courses is to exchange information and learn from each other.

To determine what InfoSec courses and knowledge areas you should concentrate on while at the conferences, or what training you require, use the matrices previously shown in Figures 15.2 and 15.3. Rate your experience/knowledge using either a scale from 1 to 5, or "high," "medium," or "low." Be honest and objective, because if you are not, you are only cheating yourself. After you complete that section, sequentially number the training you need in a priority order. Obviously, the lower your current knowledge rating, the higher you should rank the type of training needed, and vice versa.