Professional Development
Last updated on February 6, 2024Are you interested in professional development?
As a cybersecurity professional you get the opportunity to work in a constantly evolving environment, dealing with technologies and systems that go on to serve millions and millions of users. This ever changing threat landscape that security professionals work in requires them to have a broad skill set and continually improve their abilities.
On this page we outline some tips to help you continue your professional development and become an asset to your cybersecurity team.
Jump start your security career
The Jump start your security career page provides information for individuals who have ever been interested in a security career. It provides tools and resources to learn more about the field and also where to acquire the knowledge to become an asset for any security organization.
Communications for security professionals
The Communications for security professionals page provides a short video and informational series on the 6 key areas of communication. If you have ever been interested in improving your communication or soft skills this page will assist.
The Ministry Information Security Officer (MISO) Guidebook
This guide is geared towards exploring in depth the key roles and responsibilities of the MISO. The guide contains information, tools and resources that will benefit MISOs in performing their role as well as organizations and individuals who intend to improve the security of their enterprise.
Take Information Security Online Course
Take this course on information security and awareness to learn how to protect the information around you.
Other information security courses
Patch Management Course
This course covers what patch management is, why it is required, OCIO patch standard, benefits, and responsibilities. The course addresses priorities and lifecycle and talks about patch management software. Best practices are also discussed. This course is particularly useful to technology service delivery units and security professionals, and has applicability to all staff in the BC Public Service.
Click here to view the course content, or if you are an employee of the BC Public Service and want to receive credit please start the course through the My learning system.
What is Security Risk?
In this training video we cover basic concepts around what a security risk is.
Executive Overview
In this quick 15-minute training video we provide an executive overview of how the Province of British Columbia approaches Information Security Risk Management.
Security Threat and Risk Assessment Training 101
In this training video we take a deep dive into security threat and risk assessments.
Security Threat and Risk Assessment Training - 101 - Slide Deck
Security Threat and Risk Assessment Training - 101 - Slide Deck with speaking notes transcript
Security Threat and Risk Assessment Training - 101 - Slide Deck (PDF)
Understanding the reference STRA process
A SOAR is the final artifact produced for a Security Threat and Risk Assessment. This training video will help you understand, in detail, how to complete a Statement of Acceptable Risks (SOAR).
Understanding and completing the SOAR course
This training video covers the Province of British Columbia’s recommended reference process for conducting Security Threat and Risk Assessments (STRA). Once you have watched this you will better understand the steps required to complete an STRA from beginning to end.
Corporate SOAR vs Corporate Systems
This short video will educate you on the differences between a Corporate SOAR and a Corporate System.
Tutorial
In this detailed tutorial video, you will learn how the Province of British Columbia approaches Information Security Risk Management. You will learn about Security Threat and Risk Assessments and risk registers.
Risk Assessment: Evaluating and Managing Risks - Are you feeling risky?
Learn about risk assessment and see some real world examples in this informative talk from the Nov 2021 Security Day.
Risk Bootcamp
Brian Horncastle gives a presentation that outlines how to build a comprehensive risk management program and gives an overview of risk management concepts used by the BC Government.
Tales from the Crypto: Part I - Introduction
Tales from the Crypto: Part II - PKI Concepts
Tales from the Crypto: Part III - PKI Encryption
Tales from the Crypto: Part IV - PKI Hash & Signing
Tales from the Crypto: Part V - PKI Certificate Authorities
Tales from the Crypto: Part VI - PKI Review
Application Security
Tanya Janca from SheHacksPurple holds discussions with a variety of guests and reviews content from her 10 chapter book, Alice and Bob Learn Application Security. This book covers both basic and complex subjects including threat modeling, security testing, and securing software systems.
Alice and Bob Learn Application Security is an engaging, thorough resource that helpful for anyone who wants to improve their application security skills regardless of experience.
You can buy Alice and Bob Learn Application Security here.
Alice and Bob Learn Application Security Playlist
Secure IT Asset Management Course
This is the OCIO Information Security course on Secure IT Asset Management (SITAM). You may be familiar with asset management but this course approaches the subject from a different perspective, through the lens of information security.
The course provides a background on what SITAM is, followed by the benefits that can be gained by its implementation. Next is information on a framework for using SITAM and some best practices.
Then the course moves into the asset lifecycle and how to create an inventory record, communication and data flows, as well as how to define critical assets. Lastly the course runs through secure IT asset management within the B.C. Government followed by a course summary and glossary.
Network Security Course
This is the OCIO Information Security course on Network Security.
To understand networking, we need to start with the basics. Without this foundation, it's difficult to understand more complex network topics.
Designed to be a broad introduction to networking and network security,
this course aims to teach you about:
What does professional development for a security professional look like?
The role of a cyber security professional requires a diverse set of skills, because of this there are many different professional training resources that can be utilized. CyberSecurity professionals looking to improve their skills may pursue training in a few key areas
- A solid grounding in IT fundamentals (web applications, system administration)
- Coding skills (C, C++, Java, Python,html, and more)
- Understanding architecture, administration and operating systems
- Technical Certifications (CISSP, CISM, CISA, and more)
- Soft Skills (oral, written communication, leadership, negotiation)