Tuesday, September 3, 2013

Edumacation and Training: Who's responsible? You or your employer?

If you consciously decide to take a career in information technology, then you should have realized that school and training doesn't stop after you receive your degree.  The same goes for you if you decide to move into an information security position.  This realm is constantly evolving and you need to be willing to evolve with it, or find a new career.

Your goals may not align with your employer's...

If you are lucky enough to land a job with a company that will pay for training, then take advantage of it.  Just be ready to accept that what they are willing to train you on may not be in line with your personal career goals.  For example, if you work for a consulting company, they may want you certified with their primary vendors' products.  If it is a Microsoft Gold partner shop, then they need to maintain a certain number of MCSE/MCSA certified individuals to keep that partnership.  If you sell Cisco or Juniper products, the company may need those certificates as well.  They may not want to send you to SANS or Blackhat for training on the latest security topics.  Unless, of course, they are a security consulting company and they would rather your pen testing skills be honed.  If you are in a large enterprise, the training may be more open, as long as it fits in with your development plan, then it can be justified.  In any event take whatever training you can get, it will never be wasted and you might learn something interesting.

It may not be in the budget....

Be ready to hear that if you want an employer to pick up the bill for a conference.  Although it may benefit them that you receive some cutting edge knowledge, they may prefer you attend online webinars or local events, rather than sending you to San Francisco for RSA or Vegas for DEFCON and Blackhat.  If that is the case, don't be afraid to spend some of your own cash and use your personal time to hit up some of the smaller cons like DerbyCon (Louisville), ShmooCon (Washington D.C.), Thotcon (Chicago), and of course any of the many Security BSides events happening all over the world.  Most of these are pretty affordable, and all you need to do is come up with the means to get there.  If you can't afford a room, there is usually someone willing to split one.

Don't pass up excellent networking opportunities...

Back to the topic of the conferences, not only do you get exposed to some excellent talks, but these are also great opportunities to meet some interesting people.  Again, your goals may not align with your company's, but that doesn't mean you should ignore them.  Invest in yourself a little and get out to these cons.  Who knows, you might have a conversation with someone who may want you to come out the next year and speak at the con.  If it is a vendor, they may even pay for it.  Also, when at the conference, don't worry about getting to every talk on the schedule.  Take the time to participate in the "HallwayCon", grab coffee with some attendees, and don't be afraid to join a public dinner invite.  You never know who you will meet out there, they could lead you to the next stage of your career.

"I'm going as long as work approves..."

So something along those lines was said to me when talking about a BSides event that was in the next state.  They person was hoping work would pay for the single night at the hotel.  Since BSides are relatively cheap, and usually in driving distance, I will cough up the 100-200 bucks for a single night at the hotel.  Again, back to the networking opportunities and the education factor of these events, it is worth spending some of your own cash for it.  In some cases, you can claim these trips as a business expense, but check with your tax guy first.

Anyhoo....

Ultimately you are responsible for your own training and education.  If you want to succeed in your career, you will make it happen.  Whether you get work to pay for it, or not, you should still do it.  If work wants to get you trained on something not necessarily related to your goals, take it!  It is knowledge you did not have before.  So good luck out there and keep up the learning!  Maybe we will bump into each other at the next HallwayCon.  Otherwise see you at DerbyCon 2013 in Louisville this year!