ISACA Journal
Volume 5, 2,018 

More 

HelpSource Q&A 

Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP 

Q  I have a degree in computer engineering and have been working in a consulting firm for the last 10 years. Considering the changes happening in IT, I feel there is a need for updating my skills; however, I am not sure what studies I should pursue to ensure that my skills are not outdated. What options are available to me?

A  This is a typical issue faced by many professional today due to advancements in technology and the evolving business landscape. More sophistication in technology has the potential to reduce the manual workforce, although it is true that it also creates new job opportunities. However, the number of jobs created is much less than the number of jobs replaced by technology. A survey by the World Economic Forum about the future of jobs1 reported this fact. The survey points out that automation has reduced jobs in office administration, manufacturing and production, art and entertainment. However, there have been job opportunities created in management, business and finance, IT architecture and sales. The data further indicates that new job opportunities will be created in the areas of data analytics and specialized sales. Surprisingly, the report does not consider cybersecurity or information security skills as important job requirements, most probably because the survey is nearly three years old (published in January 2016).

Other security studies report that many organization indicate an acute shortage of cybersecurity professionals. However, these reports are silent about skill requirements. Cybersecurity or information security2 fields require various skills depending upon the areas of operations. Security is the responsibility of everyone associated with an organization and, from that perspective, each job requires knowledge and skills related to information security as per individual roles and responsibilities. A chief information security officer (CISO) needs to understand technology and must have proficiency in management and information security requirements. A security operation center needs individuals with different technical and analytical skills to define monitoring mechanisms, alert mechanisms and incident response. Application security professional must have knowledge and be aware of vulnerabilities and threats and ways to detect and control them.

Another IT area which is growing steadily is information systems audit. Knowledge of auditing not only helps auditors, but also auditees in understanding the control requirements. Information systems auditors need to understand concepts related to technology, associated risk and best practices to respond to risk. This understanding helps not only auditors, but also every professional in executing their responsibilities more effectively.

An overlooked area that is not considered by many as a main career option is risk management. Risk management is a foundation not only for security and audit, but also for overall business decisions. Many times, risk associated with technology are considered independent of business risk and there is a disconnect between enterprise risk management and technology risk management.

Emerging technologies such as artificial intelligence (AI), blockchain technology, the Internet of Things (IoT), big data and analytics, and robotics are increasingly being implemented by organizations. One needs to understand how these technologies work to deliver what the business needs. However, everyone cannot be an expert in all areas. One needs to make intentional and strategic decisions to future-proof one’s career.

The study of emerging technologies can be undertaken either via formal education or by leveraging various online course offerings. After working in the industry for a number of years, it may not be possible for everyone to go back and pursue more formal education. Many organizations support/recognize the courses offered by Massive Open Online Courses (MOOC).3 MOOC are free online courses that are available for anyone. It provides an affordable and flexible way to access quality educational options, learn new skills and engage in professional development. MOOC is promoted by edX4 which is a nonprofit, open-source learning center offering online courses from more than 100 member institutions, composed of both leading global universities and colleges and a diverse group of prominent organizations from around the world. Founded by Harvard University (Cambridge, Massachusetts, USA) and the Massachusetts Institute of Technology (MIT) (Cambridge, USA), edX is focused on transforming online and classroom learning. Coursera5 also provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online.

Additionally, there are professional certifications and courses available. For example, ISACA offers certification in IS audit (Certified Information Systems Auditor [CISA]), information and cybersecurity (CSX and Certified Information Security Manager [CISM]), governance of enterprise IT (Certified in Governance of Enterprise IT [CGEIT]) and risk management and information systems controls (Certified in Risk and Information Systems Control [CRISC]). ISACA also offers online training for these certifications, except CSX, which requires hand-on, interactive training.

Other educational institutions offer short-term courses and certifications. For example, Harvard Business School6 and MIT7 offer many short duration courses under executive education for individuals as well as organizations.

(ISC)2 also offers certifications in information security. The Project Management Institute8 offers certifications in program and project management.

It is most important to understand the changes and emerging trends in the IT industry, and one needs to be ready to cope with those. The best way forward is to continuously update one’s skills and competencies.

Here are several tips to help professional determine what and how to learn more:

  • Identify the knowledge gaps in skills that are required for a profession. This will help in deciding what to learn.
  • Determine the purpose of learning. Also, decide the knowledge level to be achieved.
  • Determine the objective for learning new skills.
  • Decide how to learn; self-study or from trainers. Identify available training in target areas based on quality, cost, value and availability of time to be spent on learning without compromising current responsibilities. Research online free and paid learning opportunities.

The most important aspect to remember in updating skills is that it should be for the purpose of learning rather than changing jobs or getting a raise. If the learning objective is achieved, other objectives will be achieved as well.

Endnotes

1 World Economic Forum, Employment Trends, http://reports.weforum.org/future-of-jobs-2016/employment-trends/
2 This article subscribes to the viewpoint that there is no difference between information security and cybersecurity. Many security professionals use these terms interchangeably.
3 Massive Open Online Courses, http://mooc.org/
4 edX, https://www.edx.org/
5 Coursera, https://www.coursera.org/
6 Harvard Business School, Executive Education, Harvard University, Cambridge Massachusetts, USA, https://www.exed.hbs.edu/Pages/default.aspx
7 MIT Management Executive Education, Massachusetts Institute of Technology, Cambridge, Massachusetts, USA, https://executive.mit.edu/?gclid=Cj0KCQjwv73VBRCdARIsAOnG8u3Qy5rH3gcM-lxf0eWZILJKTpvdGFLYNEwVbtvQ_TbDxvWsAjEiZAEaAlWhEALw_wcB
8 Project Management Institute, https://www.pmi.org/

Sunil Bakshi, CISA, CRISC, CISM, CGEIT, ABCI, AMIIB, BS 25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
Has worked in IT, IT governance, IS audit, information security and IT risk management. He has 40 years of experience in various positions in different industries. Currently, he is a freelance consultant in India.

 

Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.