Professional Monitor: In association with (ISC)2

Analysis by Iain Andrews

Customer-facing experience is crucial for well-rounded information security professionals, says Iain Andrews.

Customer-facing experience is crucial for well-rounded information security professionals, says Iain Andrews.

People working in information security often tend to be introspective, yet they depend on learning from the world around them. Iain Andrews, head of information security at Fujitsu Services is addressing this paradox by pulling together a company-wide intranet community for people working in infosec. He is involving everyone from IT specialists to customer-facing consultants in major policy decisions and other relevant discussions.

"Ideally, everyone working in this profession should have to spend some time gaining customer-facing experience," Andrews says. "It's not about improving their security knowledge. We can be too focused on security."

As the person responsible for setting and monitoring compliance with information security policy, Andrews works across a broad set of both internal and customer-facing departments.

"The biggest challenge in information security is that the problems we are facing today are not the same as those we were facing three or four years ago," he says. "This is why there are two aspects to professional development: the formal certifications and pursuing current knowledge. We encourage people to get involved in groups, forums, read trade press, and get as much information as possible."

Fujitsu's intranet community serves as a forum for everyone working with information security in the company. Here input is gathered and experience shared, in preparation for more formal undertakings, such as the work conducted by the Information Security Forum or quarterly meetings held by the company's Information Security Steering Group.

An example of the community at work is the gathering of early input for the company-wide employee awareness and information security training program. For some departments, this program is part of their requirement to maintain ISO 27001 accreditation.

"It's not always possible for people to get that customer-facing experience, but we can provide a structure for them to get involved in broad initiatives, widen their perspective," says Andrews.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events