“I highly recommend companies implement a mentoring program for young security professionals,” says Dan Waddell, senior director of IT security with eGlobal Tech, in a recent SearchSecurity article. “Set them up with a mentor to help guide them as they start down their career path.”
It's an excellent suggestion, but I can’t help wondering how practical and effective this is over the long haul. To be fair, Waddell does not portray this as the only method—simply something companies should be doing, assumedly, in addition to other career-development activities.
It’s no secret that the current economic climate has led to staff reductions and organizational consolidation. So I question how many companies in this economy can afford to have their more experienced people spending blocks of valuable time with young professionals. As someone who has been in IT and IT governance positions for almost 30 years, I have mentored team members that have been assigned to work with me with the intent of learning the core skills of my position. And it does give them a better broad-based understanding of the information-risk discipline, but the day-to-day operational responsibilities are most often viewed by my professional shadows as just plain overwhelming.
The simple fact is that mentoring and cross-training alone won't get it done. Just because a company initiates a mentoring program and “encourages” their less-experienced staff to participate, that does not automatically translate into a successful result. The individuals being mentored must have a desire to learn, a desire to excel and a genuine passion for the profession.
Mentoring is a good start, but it is only one of the many things that companies must undertake. Formal education and training are also required. College graduates understand what bits and bytes are, but conferences, seminars and specialized training funded by employers are also required. These are the learning activities that drive young professionals down the path of acquiring those rubber-meets-the-road skills that companies are looking for.
And finally, companies need to ensure that the mentoring program is one that includes what I call "Thought Leadership Development Programs (TLDPs)." TLDPs are the professional ranks' version of the traditional Leadership Development Programs many companies now have in place to provide their young employees with the broad spectrum of business experience needed to be the next generation of managers and executives in the company.
TLDP initiatives would do the same thing for employees who aren't interested in the management track and are, instead, more interested in growing their technical skills. Critical thinking and the ability to integratively synergize situational information with acquired knowledge are what produce a solid technical acumen. Companies need thought leaders as much as they need business leaders. Ignoring this fact in favor of only management-oriented programs puts companies in peril of providing insufficient growth opportunities and leads to increased turnover among the technical professional ranks.
William Wells, CISM, CISA, CRISC, CISSP, CIPP/IT
Transamerica Life & Protection
Continue the conversation…engage with your peers in the Young Professionals section in ISACA’s Knowledge Center.
We welcome your comments! Please log in using the Sign In link at the top right of this page and then leave your comment in the box at the end of the post. To view all blog posts, please click on the ISACA Now link in the blue box on the left.