InfoSec Training for IT SpecialistsHomegrown Certification Program Boosts Security Skills
The new certification program not only gives these infosec officers security training; it provides Starkey with a vehicle to share her IT security vision.
The program, Delaware Certified Information Security Officer, or DCISO, is similar to other professional certification programs, where individuals earn a minimum number of credits.
Budgets at the government level, much like they are at smaller financial institutions are tight, and many information technologists wear multiple hats. And, similar to the financial-services industry, in Delaware, the dearth of qualified IT security specialists means individuals with other types of IT expertise have been given security responsibilities they may not be qualified to oversee.
The DCISO program furnishes those technologists the knowledge they need to perform as security officers. "That's pretty much the cornerstone of it," Starkey says in an interview with Information Security Media Group.
"In many cases, they're learning as they go, too," she says. "That's what makes being an ISO pretty difficult in a state organization, and probably other places, too, that security isn't their only responsibility. In some cases, in small agencies especially where there is one IT person, they're everything."
Managing by Influence
Security officers in state agencies and school public districts throughout Delaware do not report to Starkey, but to officials in their respective organizations. The DCISO initiative provides Starkey a platform where she can influence security officers in how they approach IT security.
"They'll go back to work tomorrow, and they'll have other things on their plate other than security to deal with," Starkey says.
During this interview, conducted in September at a half-day meeting of Delaware state security officers, Starkey explains:
- Requirements infosec officers must meet to receive DCISO certification;
- The importance of providing face-to-face group meetings for infosec officers; and
- The value of conducting incident tests at the face-to-face meetings, which can earn infosec officers credit for their DCISO certification.
Starkey has been Delaware's state CSO for seven years. She earned two computer science degrees, a master of science from Rochester Institute of Technology and a bachelor of science from James Madison University.