Opinion

How Valuable Is Security Certification?

Are certifications a valid mark of a person's skill and knowledge level, or are they just resumé fluff?

By Sandy Kendall

September 30, 2002 CSO — It's not too late. If you hurry, you could still make it to the first annual International Symposium on Information Security, held this week at London's Thistle Charing Cross Hotel. But wait. It says here in a press release that you gotta be certified. Well, not in so many words. But, "This symposium is the world's first international security forum to be developed exclusively by CISSPs for CISSPs and their associates from respected organizations." So says James E. Duffy, CISSP, managing director for (ISC)2. The event is sponsored by the MIS Training Institute and The International Information Systems Security Certification Consortium ((ISC)2), a nonprofit organization that trains and certifies IS security professionals (CISSP) and practitioners (SSCP) worldwide.

There are nearly 11,000 CISSPs working in 80 countries, with many, according to the (ISC)2 literature, in top positions in both the public and private sectors. That would be lofty company indeed at the conference. As it turns out, you don't actually have to be certified to attend, but you get a comfortable discount if you are. On first read, however, the wording implicitly suggests a certified exclusivity. And lately, many security job descriptions have that same ring. Some employers say they wouldn't hire a security worker who didn't have certification. (See "You're Certifiable" in the October issue of CSO.)

But for some in the business, the increasing emphasis on certification raises questions. Is certification more important than experience? Are all certifications created equal? The proliferation of certifications (now more than 20) that you can obtain as a security worker yields a comical volume of acronyms. Besides CISSP and SSCP, you could get CISA, ISACA or TICSA certification. Or CCSE or CCNA or EWSCP. You know, just for starters. Many of these are simply the result of vendors flinging themselves onto the bandwagon and offering certification to boost their own credibility and prominence. And some, of course, are well-intended efforts to demonstrate the extent of knowledge of job applicants. They may even have real value.

What's your opinion? Are certifications a valid mark of a person's skill and knowledge level, or are they just resumé fluff? Tell us what you think.
