Taking Security Training to the Next LevelTexas InfoSec Academy Provides Tech Pros Needed Skills
Texas Chief Information Security Officer Brian Engle, like other CISOs, has voiced concerns that the state government didn't have sufficient staffers and managers with the right set of IT security skills. Engle, however, did something about it.
Collaborating with a key aide - Claudia Escobar - Engle last fall founded the Texas InfoSec Academy, which trains IT and IT security professionals with the soft and hard skills needed to manage and secure information resources situated in scores of state departments, agencies, boards and commissions.
The government-run academy's primary function is to identify the skills the state needs and train people in them. But a secondary value of the program is as an enticement to workers who seek employers that offer training in highly desirable skills. "Certainly, the value an individual goes up after going through the academy, but at the same time their value to us increases, too," Engle says in an interview with Information Security Media Group.
The Texas InfoSec Academy offers six tracks that an enrolled employee could reasonably complete in about eight months, Engle says. The tracks include information security management leadership, incident handling, forensics, disaster recovery, application and secure code and penetration testing and hacking. About 150 employees and managers a year are chosen to participate in the program and are selected by the IT security leaders in various state agencies.
Engle says the program costs the state about $500,000 per year to operate.
"The true measure of whether or not we're effective is that we will have folks who are capable of doing their jobs at the highest rate, and overall the organizations are able to benefit from that through improved and mature security programs," he says.
In the interview, Engle:
- Discusses the characteristics of individuals who decide to grow their IT security careers in state government rather than in the higher-paying private sector;
- Explains how Texas distinguishes cybersecurity from information security professionals;
- Describes the types of certifications employees receive who successfully complete the academy program.
Engle became state CISO and cybersecurity coordinator in March 2013, and works out of the Department of Information Resources. He serves as the primary policy-making official for statewide cybersecurity matters, developing plans, standards and guidelines to address emerging security technology challenges, threats and trends. As Texas cybersecurity coordinator, he leads efforts to build partnerships between private industry and governmental organizations to develop and disseminate best practices for protecting critical infrastructure and sensitive information.
He cofounded the Texas CISO Council, a regional steering committee comprised of security leaders from private industry and the public sector, with the mission to facilitate collaboration among organizations to advance security initiatives.