The Importance of Continuous Learning
It is crucial for senior information security professionals to build new competencies and maintain existing ones. To quote my mother, a college professor and dean, “You are never done learning.” The rate of technological innovation continues to accelerate. According to Kurzweil’s The Law of Accelerating Returns, the 21st century will see almost one thousand times greater technological change than in the prior century. This means information security professionals will be called upon to respond to greater challenges in managing their associated risk. These new challenges will also generate exciting opportunities and career specializations. Many technologies we manage risk for today did not exist a decade ago, e.g., cloud computing, smartphones, virtualization.

Fortunately, the options for refreshing and extending knowledge and skills have expanded to allow the members of the information security community to maintain both proficiency and flexibility in their specific domains of expertise. Information security professionals can opt for online classrooms, traditional instructor-led classrooms or emerging learning technologies. Formal education will rarely be a one-and-done experience; rather, a series of programs, certifications and individual courses will be needed to maintain professional competencies over the course of a career.
In his 1959 book The Landmarks of Tomorrow, noted management expert and author Peter Drucker first described the concept of the knowledge worker. Drucker discussed the requirement for continuous learning as well as continuous teaching on the part of the knowledge worker. The same necessity to continuously renew learning was listed as one of the seven habits in Stephen Covey’s book The Seven Habits of Highly Effective People.
To evolve from information security practitioner to professional requires not just participating in conventional learning activities but seeking out experiences with the potential to transform us and sharing one’s expertise with others in the information security community. For senior information security professionals, this means exploring new personal competency development options, such as blogging, teaching, writing articles and authoring books. These types of personal challenges are worth pursuing because their return on personal investment (ROPI) is substantial in terms of the new competencies and confidence they yield.
Read Kerry Anderson’s recent Journal article:
“Navigating the Path From Information Security Practitioner to Professional,” ISACA Journal, volume 4, 2013.
Can Professional Certifications Help Your Business?
Bob Smart, CISA, CISM, CRISC, MACS Snr, MBIS

Certifications bring clear benefits to professionals through improved global employability and earning potential. The fact that certified professionals in audit, risk and security can be paid up to a quarter more than comparably skilled and experienced staff without credentials confirms that organizations rate formal professional designations highly.

How do businesses realize this value?

Here is an example: You are about to hire an expert to perform a security review of the source code for a key application that is being developed. You have two short-listed candidates. One has recommendations as a very efficient reviewer, while the other has several relevant professional certifications. Which one would you choose?

A challenge with many professionals in information governance, risk, compliance and security management is that businesses rely on their professional judgment for decisions, the full consequences of which are often not widely understood and may take a long time to materialize (e.g., several years until an overlooked application vulnerability is exploited). However, none of these occupations are regulated under state licensing laws and practitioners are not subject to malpractice liabilities. This is why professional designations provide employers with some form of (much needed) assurance that these experts possess the necessary experience, skills and knowledge of relevant frameworks, and commitment to continuous education. The trick is that not all certifications are made equal; therefore, businesses must be able to evaluate and recognize the credibility of relevant certifications.

My recent Journal article discusses the benefits that certifications bring to businesses. It also provides employers with steps to help them determine the value of individual certifications and to create a list of preferred credentials in a cost-effective way.

What benefits does your organization draw from staff certifications? Have you won a major contract due to your commitment to formal designations for your staff? Has your insurance provider recognized your reduced risk through a lower indemnity insurance premium? Has your support for professional certification improved staff retention rates? Have your employees become more motivated and enthusiastic about new learning and development opportunities?

Please post your comments and share your experiences and methods used to determine the most suitable certification(s) for your staff and deliver the most benefits to your organization as well as the employees’ professional development.

Read Bob Smart’s recent Journal article:
“Why Should Organizations Care About Professional Certifications?,” ISACA Journal, volume 2, 2013