I was recently invited to participate in a panel discussion for CISO A/NZ, which included touching on the subject of this article. Wearing my hat as the Vice President of the Information Technology Professionals Association (ITPA), I joined other seasoned experts to provide input on how to best address strengthening culture around IT and cybersecurity. With the ever-increasing cyber footprint, as well as new technology evolving at pace, we need to ensure professionals in our industry maintain a high level of standards and implement best practices.
One way of achieving this is by ensuring IT staff are provided with a path for continuing professional development (CPD). Having a CPD policy enables IT professionals to maintain, improve and broaden their professional knowledge, expertise and competence to meet their obligations to provide ethical, effective and competent service. CPD is an important foundation of lifelong learning and helps IT professionals to maintain their competence in their field.
We are all familiar, I am sure, with the Certified Practicing Accountant pathway provided by CPA Australia, and how it is almost synonymous with looking for an accountant. It provides confidence that, at least, they maintain a level of continual professional development that is reassessed on a regular basis by CPA Australia.
Industries such as finance do require providers (eg, financial advisers) to have CPD policies and procedures in place; it is defined in law (such as the Corporations Act – Standards Body (s 921B(5))) and needs to be adhered to in order for licences to be maintained. It builds confidence not just for those in receipt of the service, but also for those providing it.
Our industry, however, does not have specifications put in place by law that require IT professionals to maintain a level of continual development. Yet such an approach to maintaining professionalism in the IT sector may avoid future problems and regulatory impositions, just as it does in financial planning, banking and construction.
With the recent amendments to the Security of Critical Infrastructure Act 2018 (SOCI), and with more industries needing to address their cybersecurity footprint, it is important that organisations or suppliers of services have a CPD program in place for their IT staff. They should also ensure they are accredited by such programs as the Certified Practicing Member (CPM) program offered by ITPA.
IT professionals have expert knowledge and skills, but we do not enjoy the recognition or influence of more established professions, even though many of us manage critical functions and major public risks. In the absence of public trust and/or recognition, other non-IT professionals will be the ones who make the big decisions.
As an employer, if you don't have a CPD program in place, at least look to employ IT professionals who maintain their own path via CPD, and who are recognised by industry bodies who can account for their efforts by way of accreditation… again, such as the CPM program provided by ITPA.
Employing an IT professional who is up to date with the latest issues and developments in security and management should enhance confidence and competence not only in the individual but also in their organisation.