Professional Development

Last updated on February 6, 2024

Are you interested in professional development?

As a cybersecurity professional you get the opportunity to work in a constantly evolving environment, dealing with technologies and systems that go on to serve millions and millions of users. This ever changing threat landscape that security professionals work in requires them to have a broad skill set and continually improve their abilities.

On this page we outline some tips to help you continue your professional development and become an asset to your cybersecurity team. 

Jump start your security career

The Jump start your security career page provides information for individuals who have ever been interested in a security career. It provides tools and resources to learn more about the field and also where to acquire the knowledge to become an asset for any security organization.

Communications for security professionals 

The Communications for security professionals page provides a short video and informational series on the 6 key areas of communication. If you have ever been interested in improving your communication or soft skills this page will assist.

The Ministry Information Security Officer (MISO) Guidebook

This guide is geared towards exploring in depth the key roles and responsibilities of the MISO. The guide contains information, tools and resources that will benefit MISOs in performing their role as well as organizations and individuals who intend to improve the security of their enterprise. 

Take Information Security Online Course

Take this course on information security and awareness to learn how to protect the information around you.

Other information security courses

 

Patch Management Course

This course covers what patch management is, why it is required, OCIO patch standard, benefits, and responsibilities. The course addresses priorities and lifecycle and talks about patch management software. Best practices are also discussed. This course is particularly useful to technology service delivery units and security professionals, and has applicability to all staff in the BC Public Service.           

 

Patch Management Course Introduction

Click here to view the course content, or if you are an employee of the BC Public Service and want to receive credit please start the course through the My learning system.Lock icon

 

Information Security Risk Management Course Series

What is Security Risk?

In this training video we cover basic concepts around what a security risk is.

 

What is a security risk?

Executive Overview

In this quick 15-minute training video we provide an executive overview of how the Province of British Columbia approaches Information Security Risk Management.

 

Executive Overview

Security Threat and Risk Assessment Training 101

In this training video we take a deep dive into security threat and risk assessments.

Security Threat and Risk Assessment Training 101

Security Threat and Risk Assessment Training - 101 - Slide Deck

Security Threat and Risk Assessment Training - 101 - Slide Deck with speaking notes transcript

Security Threat and Risk Assessment Training - 101 - Slide Deck (PDF)

Understanding the reference STRA process

A SOAR is the final artifact produced for a Security Threat and Risk Assessment. This training video will help you understand, in detail, how to complete a Statement of Acceptable Risks (SOAR). 

 

Understanding the reference STRA process

Understanding and completing the SOAR course

This training video covers the Province of British Columbia’s recommended reference process for conducting Security Threat and Risk Assessments (STRA). Once you have watched this you will better understand the steps required to complete an STRA from beginning to end.

 

Understanding and completing the SOAR course

Corporate SOAR vs Corporate Systems

This short video will educate you on the differences between a Corporate SOAR and a Corporate System.

 

Corporate SOAR vs Corporate Systems

Tutorial

In this detailed tutorial video, you will learn how the Province of British Columbia approaches Information Security Risk Management. You will learn about Security Threat and Risk Assessments and risk registers.

 

Tutorial

Risk Assessment: Evaluating and Managing Risks - Are you feeling risky? 

Learn about risk assessment and see some real world examples in this informative talk from the Nov 2021 Security Day.

Presentation Slides

 

Risk Assessment: Evaluating and Managing Risks

Risk Bootcamp

Brian Horncastle gives a presentation that outlines how to build a comprehensive risk management program and gives an overview of risk management concepts used by the BC Government.

 

Security Risk Bootcamp

  Presentation Slide Deck

 

Cryptology & PKI Concepts - "Tales from the Crypto"

Tales from the Crypto: Part I - Introduction

Intro to Cryptology

Introduction - "A witch’s brew of ciphers"

Tales from the Crypto: Part II - PKI Concepts

PKI Concepts

Public Key Concepts - "Unlock the door to horror"

Tales from the Crypto: Part III - PKI Encryption

Public Key Encryption

Public Key Encryption – “Who has who locked in what cage” - Ray Bradbury

Tales from the Crypto: Part IV -  PKI Hash & Signing

PKI Hash & Signing

Public Key Hashing and Signing – "Math in a blender"

Tales from the Crypto: Part V -  PKI Certificate Authorities

PKI Certificate Authorities

Public Key Infrastructure – "Collector of souls (mainly their keys)"

Tales from the Crypto: Part VI - PKI Review

 

PKI Review

Public Key Concept Review – "You will survive"

 

Application Security

Tanya Janca from SheHacksPurple holds discussions with a variety of guests and reviews content from her 10 chapter book, Alice and Bob Learn Application SecurityThis book covers both basic and complex subjects including threat modeling, security testing, and securing software systems. 

Alice and Bob Learn Application Security is an engaging, thorough resource that helpful for anyone who wants to improve their application security skills regardless of experience. 

You can buy Alice and Bob Learn Application Security here.

Alice and Bob Learn Application Security Playlist

 

Full Playlist

 

 

Secure IT Asset Management Course

This is the OCIO Information Security course on Secure IT Asset Management (SITAM). You may be familiar with asset management but this course approaches the subject from a different perspective, through the lens of information security.

The course provides a background on what SITAM is, followed by the benefits that can be gained by its implementation. Next is information on a framework for using SITAM and some best practices.

Then the course moves into the asset lifecycle and how to create an inventory record, communication and data flows, as well as how to define critical assets. Lastly the course runs through secure IT asset management within the B.C. Government followed by a course summary and glossary.

Presentation

 

Network Security Course

This is the OCIO Information Security course on Network Security. 

To understand networking, we need to start with the basics. Without this foundation, it's difficult to understand more complex network topics.

Designed to be a broad introduction to networking and network security,

this course aims to teach you about:

Networking fundamentals.
Network security fundamentals.
Networking encryption.
Common network vulnerabilities.
 

What does professional development for a security professional look like?

The role of a cyber security professional requires a diverse set of skills, because of this there are many different professional training resources that can be utilized. CyberSecurity professionals looking to improve their skills may pursue training in a few key areas

  • A solid grounding in IT fundamentals (web applications, system administration)
  • Coding skills (C, C++, Java, Python,html, and more)
  • Understanding architecture, administration and operating systems
  • Technical Certifications (CISSP, CISM, CISA, and more)
  • Soft Skills (oral, written communication, leadership, negotiation)