When it comes to professional development, it pays to give people choices, says George Hazell.
Financial services companies should be able to demonstrate that the people responsible for information security have the appropriate skills, George Hazell, CISO for Alliance & Leicester believes. He leads a team of 32, including nine internal consultants who manage security within projects, plus analysts, administrators and senior managers. He estimates that up to 20 per cent of their time is devoted to professional development. For some, half of this will be dedicated to learning about specific business requirements, with the other half spent pursuing individual development goals. The objective here is not just to improve job knowledge and awareness of security disciplines, but also to ensure that everyone has the opportunity to develop as an individual. The focus on professional development is, an essential part of security for A&L, according to Hazell.
"Certainly there will come a time when the regulators will ask how the banks know their people have the required skills," he explains. "Without some sort of professional accreditation scheme, this would be very difficult to demonstrate. But generally, I don't look to fit the training courses around the job; I tailor them around the individual."
Everyone is accountable for their own development plan, with few obligations. Consultants are asked to earn (ISC)2's CISSP credential within a year of joining. New entrants to the field, including those moving over from other areas of IT or the banking business, are required to complete the ISEB foundation-level course as a start. Beyond this, it is up to the individuals to select their own programme, although recommendations are made. There is only one rule: "They must develop. They can set their own pace, but not moving forward is just not an option," says Hazell.
"It is often believed that if you invest too much into training people you'll make them more marketable and lose them. In fact, the opposite is true. I believe that our approach has increased loyalty. We continue to recruit and retain high-quality people."