The last few weeks have seen a spate of stories – in the national press as well as in the more specialist industry journals – bewailing the shortage of information security/cybersecurity skills.
Here’s an idea: do a training course! Get some of those valuable, scarce skills! Training is available at all levels – from Foundation courses on best practice information security management, or on cloud security – all the way through to more challenging qualifications like CISSP and Ethical Hacking.
The thing is, in the IT industry, we mostly accept the logic that virtually everyone should do at least an ITIL Foundation course, that lots of people should do PRINCE2 – even though most people won’t really ever use the qualification – but we haven’t placed the same level of importance on basic information security training.
That has to change now. Information security is too important to leave to chance. You have to start ensuring that everyone who has any sort of IT service management qualification also has a foundational understanding of risk management and control selection. Here’s a good starting point: ISO27002 – Best Practice for information security management.