Lifelong Learning Matrix Samuel Warren IS469 – Information Security Capstone Dan Morrill City University of Seattle June 7, 2012   Lifelong Learning Matrix Executive Summary Whether one plans to become a Chief Information Officer, an Information Security professional, or an Information Auditor, there is a strong likelihood there is a certification that will greatly enhance the hiring potential. Whether one wants to get a certification in ISACA’s Certified Information Systems Management or something else, understanding the benefits and potential drawbacks of not attaining the certification is vital. Introduction The need for ongoing education in any field is crucial for continued innovation. While it is necessary in all fields, the need for it in Information Security is more critical and is directly linked to how well the field of Information Security overall does at protecting its organizations. By creating a Learning Matrix, like the one described within, the security professional can create visibility into the required tasks in the short, medium, and long terms. According to the ISACA website, for example, the CISM certified professional: • Demonstrates your understanding of the relationship between an information security program and broader business goals and objectives • Distinguishes you as having not only information security expertise, but also knowledge and experience in the development and management of an information security program • Puts you in an elite peer network • Is considered essential to ongoing education, career progression and value delivery to enterprises. (2012) While this will not be the sum total of all learning one should achieve in their lifetime, this certification, as well as CISSP certification, are two of the most highly demanded certifications by hiring managers in the Information Security realm. The Matrix The created matrix (attached) describes five columns of goals and three rows of time frames. The major goals were chosen based on personal preference. They consist of Certified Information Systems Security Professional (CISSP) certification, Certified Information Security Manager (CISM) certification, getting a job as an Information Security professional, becoming a Chief Information Officer (CIO), and Administration of the Learning Matrix. The intersection of each Column and Row contains the required tasks associated with the major goal. For example, in the “Near-Term” for CISSP certification, finding a job that works with a majority of the CISSP domains is a task. One of the requirements for CISSP certification is a minimum of five years of experience working in the domains provided on their site (International Information Systems Security Certification Consortium, 2012). That is just the starting requirement; there is also an examination that must be passed and fees to be paid to gain certification with this organization. Another example is found in the “Mid-Term” section of the “Administration” goal. In that cell, there are tasks to do a yearly look-back and create any additional goals to the matrix as necessary. The goal of the “Administration of the Matrix” column is to create a way to adjust the matrix and goals as needed to accommodate changes in certifications and goals of the matrix owner. Measuring Success The aforementioned “Administration of the Matrix” column is used as a way to create some buffered time to allow for reflection on how successful the creator of the Matrix has been in the major goals and tasks. It is extremely important to take time to evaluate growth, successes, and failures in the goals and tasks so one can have a keen understanding of where he/she is in the process of learning at said juncture. It is also crucial to keep the goals as static as possible to prevent making the goals impossible to reach. One should make the goals specific, measurable, and attainable so he/she can feel the accomplishment of completing major goals.   References International Information Systems Security Certifcation Consortium. (2012). Certified Information Systems Security Professional. Retrieved from ISC2.org: https://www.isc2.org/cissp/default.aspx ISACA. (2012). Certified Information Security Manager. Retrieved from ISACA.org: http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx