No words strung together with such astute concision about the common desire to pursue learning and knowledge could link so keenly to how information security and the deep understanding sustaining it have developed. Indeed, this field is still quite young and, while it was begun and is currently bolstered by a slew of great minds, the fact is we all keep discovering new things about IT security and risk management that often highlight our collective ignorance.
Embracing this fact, though, is a good thing because it leads to an acknowledgment by most folks that one can never stop learning. Education, whether through a university, a professional industry body or a long-standing private organization, is essential. That's why we decided to devote a special section to how information security executives in various stages of their careers can choose to continue educating themselves. Such an endeavor, if undertaken for the right reasons (not just to maintain a professional certificate or, say, get a raise), can facilitate the discovery of not only what one may not have known, but, more importantly, what one will and can know.
Becoming ever more skilled and grasping new concepts can be difficult given professional obligations, family responsibilities, the need for personal downtime and more. Yet, in order to stay relevant and advance alongside this fast-paced industry, it's a necessary and often rewarding enterprise. Plus, it makes day-to-day duties easier and more fruitful. For instance, we're hearing a lot from industry contacts that many companies continue to try tackling information security needs by deploying more technologies. Maybe if a few CEOs got some high-level training about the benefits of proper risk management planning they'd focus less on quick fixes and more on supporting the pros and systems they already have in place. After all, how many times do we hear security executives say that if they had more trained staff and resources they'd be able to plug vulnerabilities readily or take care of misconfigured systems more quickly – both of which are areas that give rise to today's major attacks and breaches?
Continuing education is no cure-all for the ills that plague information security initiatives. But entities like the Departments of Defense and Homeland Security see the benefits so clearly that they require every full- and part-time employee with access to their systems to have and maintain at least one of a long list of approved professional certifications. And some IT security leaders, like our friend Rich Marshall, are working together on the Hill to advocate for more funding to support both private and public security education. Our special section this month, too, calls out the need to continue learning and cites just some of the ways you can do this. We trust you'll find it useful.
And on that note, always helpful to us here has been Dan Kaplan, who deservedly was promoted to deputy editor. Congrats to him!
Illena Armstrong is editor-in-chief of SC Magazine.