13
ISACA, a globally known nonprofit organization, helps in the building, adoption, and utilization of global
and prominent industry knowledge and practices for information systems. ISACA holds a handful of
conferences around the world and exhibits at conferences to promote the association. (ISC)
2
is an
international organization providing industry-related education and professional certifications, that
holds summit events internationally and a series of monthly webinars. Black Hat is also an international
organization providing the latest security information in research, development, and security trends, as
well as cybersecurity training during conferences. Joining an industry-related association and attending
conferences helps keep professionals informed of the latest advancements while building a professional
network.
The Information Systems Security Association (ISSA) is yet another cybersecurity related organization.
ISSA has created the Cybersecurity Career Lifecycle (CSCL) website, which provides members, a tool to
help plan out their career roadmap. The CSCL’s model is based on the Cumulative Knowledge model,
which focuses on gaining the foundational knowledge demonstrated by experience gained through
higher education and/or certifications, continuous and responsive learning, followed by cumulative
knowledge gained over time.
33
The CSCL model provides a career level description, and the suggested
skills and knowledge required at each career stage (i.e., Pre-Professional, Mid-Level, Senior-Level, and
Security-Leader). Additional information, such as education, meet-ups, and mentorships, is available.
Cybersecurity associations, working groups, and conferences provide an excellent opportunity for
professionals to enhance both their personal and professional development. The National Initiative for
Cybersecurity and Education (NICE) working group, which is made up of six-sub groups, is another
excellent example of how professionals from the private and public sectors have come together to share
industry-related knowledge, develop new ideas, design strategies, and work on advancing cybersecurity
through education, training, and workforce development.
34
According to a 2017 study involving 15,905 LinkedIn members, almost 80% of professionals consider
professional networking to be important to career success.
35
The flip side of that is, 38% say it is difficult
keeping in touch with members of their network; half of those respondents attributing it to time
constraints. Building a reliable network of professionals is an excellent resource for referrals, advice,
friendships, mentors/mentees, and jobs. Being well connected, and knowing how to network effectively,
will cultivate valuable relationships that will help with career advancement.
Building this network of peers is also a good strategy for identifying mentors. There are programs such
as the Multi-State Information Sharing and Analysis Center (MS-ISAC) that match those new to
leadership positions with seasoned professionals working in a similar role. Participants share industry
experiences, useful insights, and lessons learned relating to security concerns and best practices.
According to a 2015 survey conducted by the Harvard Business Review, 84% of the 45 CEOs credited
mentors with helping them avoid costly mistakes and become proficient in their roles faster.
36
Professionals can give back to the cybersecurity community by becoming a mentor to someone else.
There are numerous other ways a seasoned professional can contribute to the cybersecurity
community. According to Michi Ancheta,
37
a writer for CareerAddict.com, blogging has professional