In many organizations, security professionals have too much to do and too little time to do it in. Nevertheless, security professionals need to stay current – ours is a rapidly developing and changing profession. Current events often force us to re-think time-honored principles to make sure they still hold.
Spending 100% of your time doing security work in your organization may be good in the short-run, but it will hurt both you and your organization in the long-run. I recommend you recalibrate your priorities, to allow time to catch up and stay current. Follow these guidelines:
1. Spend 2-4 hours/week reading journals, articles, etc on security processes and technology.
2. Spend time with vendors with security products and services; understand how they work and how they might benefit your organization.
3. Spend time with department heads in the enterprise to understand how their departments work.
4. Accumulate a library of books on information security. The suggested reading lists from ISACA and ISC2 are good sources of good security books.
5. Go to conferences and other events where other security people attend. Talk with them and better understand how they protect their own businesses.
Peter H. Gregory 