By Tim McCreight
I’ve been very lucky in my career. I started as a security officer in a hotel in Winnipeg (people who’ve heard me speak at a conferences know this) and eventually became the Chief Information Security Officer for the Government of Alberta. I’ve seen some positive changes in physical and IT security throughout my career, and watched our industry mature to the point where security professionals are now beginning to show the strategic value of security to organizations.
By Tim McCreight
I began a career in security by chance. I didn’t plan on staying in this field, but once I saw how supportive the security community was with its members, and the opportunities in both physical and IT security, I was hooked. Where else can someone go from conducting a perimeter check of a hotel parking lot, to dealing with attempted attacks against a provincial IT infrastructure, to consulting with companies about information assurance and risk management? I don’t know of any other profession that has such diverse opportunities to establish a career and the ability to grow into new and exciting positions.
This magazine produced a great event in November 2013, the Security Career Expo (and will present another this November). Students graduating from Toronto-area colleges enrolled in security and risk programs were invited to a full-day conference focused on the security industry. Five Canadian security professionals with diverse backgrounds and impressive credentials talked to these students about their life in the security industry. I was honoured to be one of these five, and truly enjoyed the opportunity to talk about my personal experiences and the benefits I received by being part of this industry.
A recent study conducted by the Rand Corporation and released during this year’s RSA Conference identified an immediate demand for skilled IT security professionals.
My ad hoc discussions with some physical security professionals point to the same issue — a lack of qualified practitioners. Over time, these shortages will eventually be reduced but the impact we’re feeling is immediate. It’s getting harder to find security professionals to help private and public organizations defend themselves.
As our workplace becomes more reliant on technology, and the security threats we face from determined adversaries increase, the need for trained security professionals becomes even greater. Simply adding more people to a team can’t solve a problem. I’ve tried to throw more bodies at a problem; the result was I simply had more bodies spending even more time getting up to speed on that problem! There has to be a balance between resources, technology, process and education. What I have done in the past, and what I continue to believe in, is the concept of hiring at a junior level, and investing the time to train these employees to become senior team members. Succession planning and diversifying your teams’ skill set is one of the most effective ways of reducing risk to your security organization and your staff.
Bringing new professionals into the security industry grows our knowledge base. We all benefit from new approaches to problems, and the skills the newest generation brings to our industry, like engaging in social media, can only keep our profession current. We will always need new, energetic members in our security family, willing to show the current generation different approaches, methods and practices.
We should all be actively recruiting the next generation of security professionals. Our industry has so much to offer, and the opportunities a new security professional can explore are far greater than when I first entered the field. If we do it right, we can also reduce some risk along the way.
Tim McCreight is a managing consultant at Seccuris (www.seccuris.com).