In these challenging times, it is prudent to take stock of where you are and make sure you are doing everything in your power to contribute to the success of the organisation you are working for, writes independent governance and risk consultant Roger Southgate, past president of Isaca London.
It may be helpful to step back and ask yourself "What does this role really need?" and "If I was applying for this job today, would I get it?" The answers will fall into two broad categories: eligibility and suitability.
In crude terms, eligibility gets you an interview, and suitability gets you the job. The main aspects of eligibility are knowledge, experience and skill; the main aspects of suitability are values, beliefs and attitude.
Most security practitioners I meet have very few shortcomings in the technical arena. However, their understanding of the organisation they work for, how it works and where and how they contribute to its success is another story.
Technologies will come and go; what has become increasingly important to all organisations in these very competitive times is ensuring they are easy to do business with, and can be trusted. The security professional needs to have a much better understanding of their organisation's business processes and customers' needs, wants, and aspirations.
To this end, I think there is a need to broaden one's horizons. Organisations such as the British Computer Society and Isaca both provide their members with great opportunities to network, as of course does Infosecurity Europe.
You may like to refer to the following publications available to download from the Isaca website to help take stock of where you are and plan your progression:
- CISM Exam Candidate Guide - contains lists of the knowledge and tasks an information security manager needs to possess. This may help you both perform the reality check and identify areas to work on.
- Information Security Governance: Guidance for Information Security Managers
- Defining Information Security Position Requirements
- Isaca Model Curriculum for Information Security Management