One of my important realizations in Human Capital is that there are things that you do at work that matter a lot in a company. Unfortunately, the company neither notices it nor gives value/invest on it.
That’s why it’s essential to classify tacit (implied) knowledge that contribute to the human capital of the organization. I have classified one useful and common skill that most information security professionals do that is not part of their role and undervalued by the organization yet it contributes a lot in the organization’s human capital.
I have examined a common skill by infosec professionals called “Cyber Threat Intelligence” (CTI) where the analysts are proactively look for attacks rather than reacting to it as they happen. They try to predict, analyze, detect and respond to Zero-day attacks too.
I have created a model for it called CTI Knowledge Model. My paper can be found here: Tacit to Explicit