Whereas many IT employers harp on experience and view a college degree in computer science or a related field as a nice-to-have, others consider it a critical component in the recruiting process.
Case in point: Christopher Buse, chief information security officer for the state of Minnesota’s Office of Enterprise Technology, believes a solid academic background produces well-rounded candidates and demonstrates their ability to learn. Buse’s agency is proof that investing quality time, money and effort in a rigorous IT-heavy college education pays off in the long run.
Structure of the Agency
The Office of Enterprise Technology is responsible for the overall technology planning and coordination for the state government. The IT agency boasts about a 325-member staff, although the state government of Minnesota as a whole consists of approximately 35,000 employees.
Within the agency are a vast assortment of job roles and responsibilities. Some of the technology management functions include database administration, server administration, networking, network support and data-center facility management. On the development side, the agency recruits people who are skilled in enterprise architecture, IT procurement, contract management, project management and application management.
“We have an information security incident response team, [which is responsible for] things like vulnerability scanning, intrusion detection and prevention, security information and event management and penetration testing,” Buse said.
Buse’s area of expertise is the enterprise security group, which essentially manages the enterprise security governance for the entire state.
“We have a group in my area that assesses security compliance, both within state government and with third-party vendors,” Buse said. “We also have a group called Access Control Services, which is developing a framework and tools for government-wide identity and access management.”
In addition, one section of the department handles finance, accounting and budgeting, while another wing is responsible for customer-service management — including service-desk, client relations and service portfolio management.
“If it’s related to IT, we have it in our organization,” Buse said.
The Merits of a College Education
One particular qualification that would make an applicant stand out in Buse’s eyes is a strong academic background.
“I think it gives them a very well-rounded perspective on learning, and they’re not just pigeon-holed in certain technology areas,” he explained. “More and more you find that people — in order to provide good technology service and good IT security service — have to have the capability to understand the business of government. I think that’s where being a well-rounded person with a college degree makes sense.”
An ideal academic combination, Buse explained, would be a degree in computer science or MIS (management information systems), along with some experience in accounting and finance.
“To me, those are the ideal things because being able to marry really strong technology skills with the ability to put deals together and make them make sense from a financial perspective is really the challenge that we face today — not just doing technology for the sake of technology, but really doing technology to solve a problem and doing it cost effectively,” he said.
Buse explained that while obtaining certifications and garnering industry experiences were of immense value, academic experience would serve as a necessary foundation.
“The strong educational background is more important for me because we do a lot of high-level architectural design. So if I have people who have computer science degrees and are college-educated, it shows me they have the ability to learn,” Buse said. “[And] if we have people who can show that they have the demonstrable ability to learn, then we can always teach them new vendor products and get them vendor certifications.”
An Optimal Mix of Veterans and Grads
The workforce at the agency comprises individuals fresh out of college, as well as recognized experts.
“Starting off, we hired a lot of really experienced people, a lot of high-level architectural folks to help us develop the program,” Buse said. “[But we’re] going to need people to come in at the entry level to run our vulnerability and threat management program, work in our security operation center and help develop continuity of operations plan. So all those kind of roles are going to have to be filled long term.”
To that end, Buse and his team have been working to build affiliations with local colleges and universities, with the ultimate goal of creating a feeder program.
A Combination of Skills Hard to Find
Buse started out an English major in college with the intention of becoming a technical writer. Over time, however, he wound up migrating over to the IT audit side before being fully integrated into the IT world.
Although his academic background solidified his soft skills around communication, Buse said that’s one area in which his IT agency struggles.
“I come into a world today where people aren’t used to writing public reports,” he said. “What I find is a tendency to do really good work, [but] I think the work gets discredited because the written product is so poor.”
In fact, the lack of communication skills has become a major challenge for the agency. The burden for filling this skills gap ultimately falls on Buse.
“It’s heartbreaking, and I spend a lot of nights as the state [chief information security officer] rewriting a lot of stuff because people can’t [effectively communicate through writing],” he said.
The ramifications spill over into other areas of the agency, as well.
“One of the sad things is I have three full-time technical writers on my staff right now because people just don’t write,” Buse said. “To develop good services — services that can be sold to businesspeople and make a lot of sense — there’s got to be a bible on the shelf that really defines every service from the marketing side all the way to the back-end processes that help-desk and support people have to run.”
In addition to your run-of-the-mill checklist for hiring IT professionals — which often includes solid technical requirements — the Office of Enterprise Technology seeks candidates with strong business skills that augment their technical skills.
“That’s why I look at certifications,” Buse said. “If I see people who are both a CISSP [Certified Information Systems Security Professional] and a CPA [Certified Public Accountant] or a CISA [Certified Information Systems Auditor], those kinds of combinations mean a lot to me.”
Moreover, the manner in which candidates conduct themselves can speak volumes in terms of determining a good fit for the organization.
“People’s presence and demeanor is really important,” Buse said. “How well do they interview? How well do they speak? Do I feel like I can put these people out there in front of the world? That means a lot to me.”
Furthermore, Buse is inclined to recruit candidates who give back to the IT profession. These typically are individuals who are actively involved in professional organizations, such as ISACA [Information Systems Audit and Control Association] or ISSA [Information Systems Security Association].
“I like people who are involved in professional organizations because, if they take the time and make a commitment to their own development and career, then they’re probably going to take the time to do a good job for us, too,” Buse said.
Formulating a Long-Term Career Track
The agency believes in investing in employees in the long-term, which is why Buse and his staff are working on defining roles and responsibilities of specific positions.
“I [want to be able to] go to college students and say: ‘Here’s our career path — we have a three-year generalist track where we’ll bring you through these two positions, and from there we have a branch where you can go into vulnerability and threat management or intrusion detection,’ or whatever the case may be,” Buse said. “I want to show them what the career path is and what choices are available to them.”
In addition to its commitment to career development, Buse said a career in government can be rewarding.
“In government, you have to give up a little bit of money, but you’ll never have an opportunity to work on bigger projects where more is at stake,” he said. “For us, if the systems fail, people could literally die.”
– Deanna Hartley, firstname.lastname@example.org