Assessments are good things. Let me elaborate.

Yesterday was the last mentoring session of my current SANS class. I was pleased to see the feedback that my students gave me, and I am definitely planning to do this again somewhere this Fall. Mentoring a class is very rewarding; not only does it allow you to rise above the course material in a way that is almost impossible to do when you are 'just' a student, it will also expand your professional network and expose you to different environments.

Each student brings with him specific knowledge and experience that
is fed back right to the other students. SANS mentor sessions are a
great way to learn from each other.

As an instructor, learning from your students that they were able to
apply the subject matter directly to their daily work is incredibly
rewarding. It is this kind of feedback that is hard to get from college
students; they might be able to adopt the material that is taught, but most of them are not in a point in their career yet that they can also apply it directly.

Not only did the I finish the SANS mentor session, I also received copies of all the feedback forms
that were submitted for the talk that Adam Dodge and I gave at SOURCE
Boston last week. We were very pleased with the positive feedback that
we got and I would like to thank everyone who attended for their kind words.

Finally, I also got the evaluation forms back from the regular
undergraduate class I taught in the Fall semester, and that was
generally positive too. The one area I need to work on for next time is
to be even more explicit about expectations and more clearly
communicate grading criteria.

All in all, good stuff. 

The one common theme in all three examples described above is the
need to generate constructive feedback, to take that feedback seriously
and to learn from it so we can improve what we do and how we do it.

This is true in any field, and information security is no exception. If we do not constantly evaluate ourselves,
either through self-assessement, or through an external
assessment/audit, we will remain stuck in a status quo and develop a
(false) sense of achievement. 

Assessments are good things.